admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:53:35 +00:00
parent 9948547ddc
commit a0712e42c8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4254 additions and 4254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
2006/0xxx/CVE-2006-0614.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=303658",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=303658"
},
{
"name" : "GLSA-200602-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml"
},
{
"name" : "102171",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1"
},
{
"name" : "VU#759996",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/759996"
},
{
"name" : "ADV-2006-0467",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0467"
},
{
"name" : "ADV-2006-0828",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0828"
},
{
"name" : "ADV-2006-1398",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1398"
},
{
"name" : "1015596",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015596"
},
{
"name" : "18760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18760"
},
{
"name" : "18884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18884"
},
{
"name" : "sun-jre-reflection-privilege-elevation(24561)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0828",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0828"
},
{
"name": "GLSA-200602-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml"
},
{
"name": "1015596",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015596"
},
{
"name": "ADV-2006-0467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0467"
},
{
"name": "18884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18884"
},
{
"name": "sun-jre-reflection-privilege-elevation(24561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561"
},
{
"name": "18760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18760"
},
{
"name": "VU#759996",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/759996"
},
{
"name": "ADV-2006-1398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1398"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303658",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303658"
},
{
"name": "102171",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1"
}
]
}
}

170
2006/0xxx/CVE-2006-0666.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IY79595",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY79595&apar=only"
},
{
"name" : "16624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16624"
},
{
"name" : "ADV-2006-0573",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0573"
},
{
"name" : "23127",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23127"
},
{
"name" : "18795",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18795"
},
{
"name" : "aix-kernel-dos(24711)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aix-kernel-dos(24711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24711"
},
{
"name": "23127",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23127"
},
{
"name": "16624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16624"
},
{
"name": "18795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18795"
},
{
"name": "IY79595",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY79595&apar=only"
},
{
"name": "ADV-2006-0573",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0573"
}
]
}
}

140
2006/0xxx/CVE-2006-0937.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nsag.ru/vuln/890.html",
"refsource" : "MISC",
"url" : "http://nsag.ru/vuln/890.html"
},
{
"name" : "18998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18998"
},
{
"name" : "mailgust-index-info-disclosure(24890)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nsag.ru/vuln/890.html",
"refsource": "MISC",
"url": "http://nsag.ru/vuln/890.html"
},
{
"name": "18998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18998"
},
{
"name": "mailgust-index-info-disclosure(24890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24890"
}
]
}
}

140
2006/3xxx/CVE-2006-3613.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka \"Who is this item for?\") and (2) special (aka \"Special Instructions\") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060630 ezWaiter v3.0 - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438792/100/0/threaded"
},
{
"name" : "18746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18746"
},
{
"name" : "ezwaiter-input-fields-xss(27587)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27587"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka \"Who is this item for?\") and (2) special (aka \"Special Instructions\") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ezwaiter-input-fields-xss(27587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27587"
},
{
"name": "18746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18746"
},
{
"name": "20060630 ezWaiter v3.0 - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438792/100/0/threaded"
}
]
}
}

240
2006/3xxx/CVE-2006-3911.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060724 PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440955"
},
{
"name" : "20061007 PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447947/100/200/threaded"
},
{
"name" : "2060",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2060"
},
{
"name" : "http://www.neosecurityteam.net/index.php?action=advisories&id=25",
"refsource" : "MISC",
"url" : "http://www.neosecurityteam.net/index.php?action=advisories&id=25"
},
{
"name" : "19116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19116"
},
{
"name" : "ADV-2006-2940",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2940"
},
{
"name" : "27448",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27448"
},
{
"name" : "27449",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27449"
},
{
"name" : "1016581",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016581"
},
{
"name" : "1017017",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017017"
},
{
"name" : "21158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21158"
},
{
"name" : "1297",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1297"
},
{
"name" : "phplive-help-setupheader-file-include(27914)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27914"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1297",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1297"
},
{
"name": "27448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27448"
},
{
"name": "ADV-2006-2940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2940"
},
{
"name": "http://www.neosecurityteam.net/index.php?action=advisories&id=25",
"refsource": "MISC",
"url": "http://www.neosecurityteam.net/index.php?action=advisories&id=25"
},
{
"name": "20060724 PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440955"
},
{
"name": "21158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21158"
},
{
"name": "19116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19116"
},
{
"name": "27449",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27449"
},
{
"name": "2060",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2060"
},
{
"name": "phplive-help-setupheader-file-include(27914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27914"
},
{
"name": "1016581",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016581"
},
{
"name": "20061007 PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447947/100/200/threaded"
},
{
"name": "1017017",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017017"
}
]
}
}

140
2006/3xxx/CVE-2006-3932.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-2983",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2983"
},
{
"name" : "21212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21212"
},
{
"name" : "linkscaffe-links-sql-injection(27961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21212"
},
{
"name": "ADV-2006-2983",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2983"
},
{
"name": "linkscaffe-links-sql-injection(27961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961"
}
]
}
}

230
2006/4xxx/CVE-2006-4075.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060808 docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442584/100/0/threaded"
},
{
"name" : "2146",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2146"
},
{
"name" : "19428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19428"
},
{
"name" : "ADV-2006-3222",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3222"
},
{
"name" : "27859",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27859"
},
{
"name" : "27860",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27860"
},
{
"name" : "27861",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27861"
},
{
"name" : "27862",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27862"
},
{
"name" : "1016669",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016669"
},
{
"name" : "21412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21412"
},
{
"name" : "1367",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1367"
},
{
"name" : "docpilewe-initpath-file-include(28273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3222",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3222"
},
{
"name": "27862",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27862"
},
{
"name": "20060808 docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442584/100/0/threaded"
},
{
"name": "2146",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2146"
},
{
"name": "27859",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27859"
},
{
"name": "1367",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1367"
},
{
"name": "19428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19428"
},
{
"name": "27861",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27861"
},
{
"name": "docpilewe-initpath-file-include(28273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28273"
},
{
"name": "1016669",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016669"
},
{
"name": "27860",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27860"
},
{
"name": "21412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21412"
}
]
}
}

34
2006/4xxx/CVE-2006-4243.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4243",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4243",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

230
2006/4xxx/CVE-2006-4416.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource" : "CONFIRM",
"url" : "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name" : "IY88699",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88699"
},
{
"name" : "IY88737",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88737"
},
{
"name" : "IY88722",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88722"
},
{
"name" : "19708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19708"
},
{
"name" : "20197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20197"
},
{
"name" : "ADV-2006-3389",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3389"
},
{
"name" : "ADV-2006-3770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3770"
},
{
"name" : "1016920",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016920"
},
{
"name" : "21620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21620"
},
{
"name" : "22106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22106"
},
{
"name" : "aix-mkvg-privilege-escalation(29165)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22106"
},
{
"name": "aix-mkvg-privilege-escalation(29165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29165"
},
{
"name": "1016920",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016920"
},
{
"name": "20197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20197"
},
{
"name": "ADV-2006-3389",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3389"
},
{
"name": "IY88737",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88737"
},
{
"name": "21620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21620"
},
{
"name": "IY88722",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88722"
},
{
"name": "19708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19708"
},
{
"name": "IY88699",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88699"
},
{
"name": "ADV-2006-3770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3770"
},
{
"name": "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource": "CONFIRM",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
}
]
}
}

200
2006/4xxx/CVE-2006-4417.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060825 Sql injection in Xoops",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444419/100/0/threaded"
},
{
"name" : "http://www.hackers.ir/advisories/xoops.html",
"refsource" : "MISC",
"url" : "http://www.hackers.ir/advisories/xoops.html"
},
{
"name" : "http://devteam.xoops.org/releases/changelog-2.0.15.html",
"refsource" : "CONFIRM",
"url" : "http://devteam.xoops.org/releases/changelog-2.0.15.html"
},
{
"name" : "19720",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19720"
},
{
"name" : "ADV-2006-3402",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3402"
},
{
"name" : "28265",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28265"
},
{
"name" : "21643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21643"
},
{
"name" : "1461",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1461"
},
{
"name" : "xoops-edituser-sql-injection(28586)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28586"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xoops-edituser-sql-injection(28586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28586"
},
{
"name": "28265",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28265"
},
{
"name": "http://devteam.xoops.org/releases/changelog-2.0.15.html",
"refsource": "CONFIRM",
"url": "http://devteam.xoops.org/releases/changelog-2.0.15.html"
},
{
"name": "19720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19720"
},
{
"name": "20060825 Sql injection in Xoops",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444419/100/0/threaded"
},
{
"name": "http://www.hackers.ir/advisories/xoops.html",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/xoops.html"
},
{
"name": "21643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21643"
},
{
"name": "ADV-2006-3402",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3402"
},
{
"name": "1461",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1461"
}
]
}
}

160
2006/4xxx/CVE-2006-4635.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://classic.squiz.net/download/changelogs/change_log_2.14.8",
"refsource" : "CONFIRM",
"url" : "http://classic.squiz.net/download/changelogs/change_log_2.14.8"
},
{
"name" : "19868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19868"
},
{
"name" : "ADV-2006-3477",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3477"
},
{
"name" : "21757",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21757"
},
{
"name" : "mysource-equation-code-execution(28768)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3477",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3477"
},
{
"name": "19868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19868"
},
{
"name": "mysource-equation-code-execution(28768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28768"
},
{
"name": "21757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21757"
},
{
"name": "http://classic.squiz.net/download/changelogs/change_log_2.14.8",
"refsource": "CONFIRM",
"url": "http://classic.squiz.net/download/changelogs/change_log_2.14.8"
}
]
}
}

490
2006/4xxx/CVE-2006-4997.json
View File

@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070615 rPSA-2007-0124-1 kernel xen",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471457"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm"
},
{
"name" : "DSA-1233",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1233"
},
{
"name" : "DSA-1237",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1237"
},
{
"name" : "MDKSA-2006:197",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:197"
},
{
"name" : "MDKSA-2007:012",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012"
},
{
"name" : "MDKSA-2007:025",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025"
},
{
"name" : "RHSA-2006:0689",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2"
},
{
"name" : "RHSA-2006:0710",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0710.html"
},
{
"name" : "RHSA-2007:0012",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0012.html"
},
{
"name" : "RHSA-2007:0013",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0013.html"
},
{
"name" : "SUSE-SA:2006:079",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name" : "USN-395-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-395-1"
},
{
"name" : "20363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20363"
},
{
"name" : "oval:org.mitre.oval:def:10388",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388"
},
{
"name" : "ADV-2006-3937",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3937"
},
{
"name" : "ADV-2006-3999",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3999"
},
{
"name" : "1017526",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017526"
},
{
"name" : "22253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22253"
},
{
"name" : "22279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22279"
},
{
"name" : "22292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22292"
},
{
"name" : "22497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22497"
},
{
"name" : "22762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22762"
},
{
"name" : "22945",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22945"
},
{
"name" : "23064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23064"
},
{
"name" : "23370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23370"
},
{
"name" : "23384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23384"
},
{
"name" : "23395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23395"
},
{
"name" : "23788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23788"
},
{
"name" : "23752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23752"
},
{
"name" : "24288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24288"
},
{
"name" : "25691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25691"
},
{
"name" : "23474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23474"
},
{
"name" : "kernel-clipmkip-dos(29387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29387"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265"
},
{
"name": "20363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20363"
},
{
"name": "MDKSA-2007:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025"
},
{
"name": "SUSE-SA:2006:079",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name": "22253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22253"
},
{
"name": "RHSA-2007:0012",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0012.html"
},
{
"name": "22279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22279"
},
{
"name": "23788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23788"
},
{
"name": "22292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22292"
},
{
"name": "RHSA-2007:0013",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0013.html"
},
{
"name": "RHSA-2006:0689",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
},
{
"name": "MDKSA-2007:012",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012"
},
{
"name": "1017526",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017526"
},
{
"name": "23384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23384"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2"
},
{
"name": "23752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23752"
},
{
"name": "DSA-1237",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1237"
},
{
"name": "22762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22762"
},
{
"name": "24288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24288"
},
{
"name": "23474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23474"
},
{
"name": "23064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23064"
},
{
"name": "DSA-1233",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1233"
},
{
"name": "23370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23370"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
},
{
"name": "ADV-2006-3999",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3999"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm"
},
{
"name": "20070615 rPSA-2007-0124-1 kernel xen",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471457"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm"
},
{
"name": "oval:org.mitre.oval:def:10388",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388"
},
{
"name": "22497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22497"
},
{
"name": "22945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22945"
},
{
"name": "RHSA-2006:0710",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0710.html"
},
{
"name": "USN-395-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-395-1"
},
{
"name": "ADV-2006-3937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3937"
},
{
"name": "MDKSA-2006:197",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:197"
},
{
"name": "23395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23395"
},
{
"name": "25691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25691"
},
{
"name": "kernel-clipmkip-dos(29387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29387"
}
]
}
}

170
2006/7xxx/CVE-2006-7143.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061012 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448423/100/0/threaded"
},
{
"name" : "20061011 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html"
},
{
"name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt",
"refsource" : "MISC",
"url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt"
},
{
"name" : "20474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20474"
},
{
"name" : "22365",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22365"
},
{
"name" : "2389",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2389"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061012 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448423/100/0/threaded"
},
{
"name": "20061011 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html"
},
{
"name": "2389",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2389"
},
{
"name": "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt",
"refsource": "MISC",
"url": "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt"
},
{
"name": "22365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22365"
},
{
"name": "20474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20474"
}
]
}
}

130
2010/2xxx/CVE-2010-2026.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html"
},
{
"name" : "40346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40346"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html"
},
{
"name": "40346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40346"
}
]
}
}

140
2010/2xxx/CVE-2010-2093.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "SUSE-SR:2010:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}

200
2010/2xxx/CVE-2010-2465.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blip.tv/file/3414004",
"refsource" : "MISC",
"url" : "http://blip.tv/file/3414004"
},
{
"name" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html",
"refsource" : "MISC",
"url" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html"
},
{
"name" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2",
"refsource" : "MISC",
"url" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2"
},
{
"name" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon",
"refsource" : "MISC",
"url" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-83TQL8",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-83TQL8"
},
{
"name" : "VU#251133",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/251133"
},
{
"name" : "41134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41134"
},
{
"name" : "65757",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65757"
},
{
"name" : "40374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40374"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html",
"refsource": "MISC",
"url": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html"
},
{
"name": "40374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40374"
},
{
"name": "VU#251133",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/251133"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-83TQL8",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-83TQL8"
},
{
"name": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2",
"refsource": "MISC",
"url": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2"
},
{
"name": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon",
"refsource": "MISC",
"url": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon"
},
{
"name": "65757",
"refsource": "OSVDB",
"url": "http://osvdb.org/65757"
},
{
"name": "41134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41134"
},
{
"name": "http://blip.tv/file/3414004",
"refsource": "MISC",
"url": "http://blip.tv/file/3414004"
}
]
}
}

190
2010/2xxx/CVE-2010-2479.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://htmlpurifier.org/news/2010/0531-4.1.1-released",
"refsource" : "CONFIRM",
"url" : "http://htmlpurifier.org/news/2010/0531-4.1.1-released"
},
{
"name" : "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230",
"refsource" : "CONFIRM",
"url" : "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230"
},
{
"name" : "http://wiki.mahara.org/Release_Notes/1.0.15",
"refsource" : "CONFIRM",
"url" : "http://wiki.mahara.org/Release_Notes/1.0.15"
},
{
"name" : "http://wiki.mahara.org/Release_Notes/1.1.9",
"refsource" : "CONFIRM",
"url" : "http://wiki.mahara.org/Release_Notes/1.1.9"
},
{
"name" : "http://wiki.mahara.org/Release_Notes/1.2.5",
"refsource" : "CONFIRM",
"url" : "http://wiki.mahara.org/Release_Notes/1.2.5"
},
{
"name" : "41259",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41259"
},
{
"name" : "39613",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39613"
},
{
"name" : "40431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39613"
},
{
"name": "http://wiki.mahara.org/Release_Notes/1.1.9",
"refsource": "CONFIRM",
"url": "http://wiki.mahara.org/Release_Notes/1.1.9"
},
{
"name": "http://htmlpurifier.org/news/2010/0531-4.1.1-released",
"refsource": "CONFIRM",
"url": "http://htmlpurifier.org/news/2010/0531-4.1.1-released"
},
{
"name": "41259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41259"
},
{
"name": "http://wiki.mahara.org/Release_Notes/1.2.5",
"refsource": "CONFIRM",
"url": "http://wiki.mahara.org/Release_Notes/1.2.5"
},
{
"name": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230",
"refsource": "CONFIRM",
"url": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230"
},
{
"name": "http://wiki.mahara.org/Release_Notes/1.0.15",
"refsource": "CONFIRM",
"url": "http://wiki.mahara.org/Release_Notes/1.0.15"
},
{
"name": "40431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40431"
}
]
}
}

170
2010/2xxx/CVE-2010-2917.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14354",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14354"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt"
},
{
"name" : "41576",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41576"
},
{
"name" : "66279",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/66279"
},
{
"name" : "40560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40560"
},
{
"name" : "ajarticle-profile-xss(60357)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14354",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14354"
},
{
"name": "66279",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66279"
},
{
"name": "41576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41576"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt"
},
{
"name": "40560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40560"
},
{
"name": "ajarticle-profile-xss(60357)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60357"
}
]
}
}

150
2010/3xxx/CVE-2010-3396.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14987",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14987"
},
{
"name" : "43173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43173"
},
{
"name" : "oval:org.mitre.oval:def:6650",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6650"
},
{
"name" : "41393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14987",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14987"
},
{
"name": "oval:org.mitre.oval:def:6650",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6650"
},
{
"name": "41393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41393"
},
{
"name": "43173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43173"
}
]
}
}

190
2010/3xxx/CVE-2010-3399.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"
},
{
"name" : "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf",
"refsource" : "MISC",
"url" : "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475585",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=577512",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"
},
{
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name" : "oval:org.mitre.oval:def:7598",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"
},
{
"name" : "42867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42867"
},
{
"name" : "ADV-2011-0061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0061"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"
},
{
"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name": "42867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42867"
},
{
"name": "ADV-2011-0061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0061"
},
{
"name": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512"
},
{
"name": "oval:org.mitre.oval:def:7598",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598"
},
{
"name": "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html"
}
]
}
}

34
2010/3xxx/CVE-2010-3438.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3438",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3438",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/3xxx/CVE-2010-3738.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name" : "IC65184",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184"
},
{
"name" : "oval:org.mitre.oval:def:14488",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC65184",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184"
},
{
"name": "oval:org.mitre.oval:def:14488",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
}
]
}
}

34
2011/0xxx/CVE-2011-0068.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0068",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0068",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2011/0xxx/CVE-2011-0247.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2011-08-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:16186",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:16186",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186"
}
]
}
}

160
2011/0xxx/CVE-2011-0385.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
},
{
"name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
},
{
"name" : "1025113",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025113"
},
{
"name" : "1025114",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025114"
},
{
"name" : "telepresence-interface-file-upload(65604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml"
},
{
"name": "telepresence-interface-file-upload(65604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65604"
},
{
"name": "1025114",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025114"
},
{
"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
},
{
"name": "1025113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025113"
}
]
}
}

190
2011/0xxx/CVE-2011-0687.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1101/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1101/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1101/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1101/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1101/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1101/"
},
{
"name" : "46036",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46036"
},
{
"name" : "70733",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70733"
},
{
"name" : "oval:org.mitre.oval:def:12563",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12563"
},
{
"name" : "43023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43023"
},
{
"name" : "ADV-2011-0231",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/windows/1101/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1101/"
},
{
"name": "oval:org.mitre.oval:def:12563",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12563"
},
{
"name": "ADV-2011-0231",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0231"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1101/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1101/"
},
{
"name": "46036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46036"
},
{
"name": "70733",
"refsource": "OSVDB",
"url": "http://osvdb.org/70733"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1101/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1101/"
},
{
"name": "43023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43023"
}
]
}
}

310
2011/1xxx/CVE-2011-1003.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110221 Re: clamav 0.97",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/21/4"
},
{
"name" : "[oss-security] 20110221 clamav 0.97",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/21/1"
},
{
"name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97",
"refsource" : "CONFIRM",
"url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97"
},
{
"name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f",
"refsource" : "CONFIRM",
"url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f"
},
{
"name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486",
"refsource" : "CONFIRM",
"url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486"
},
{
"name" : "FEDORA-2011-2741",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html"
},
{
"name" : "FEDORA-2011-2743",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html"
},
{
"name" : "MDVA-2011:007",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "USN-1076-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1076-1"
},
{
"name" : "46470",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46470"
},
{
"name" : "70937",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70937"
},
{
"name" : "1025100",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025100"
},
{
"name" : "43392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43392"
},
{
"name" : "43498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43498"
},
{
"name" : "43752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43752"
},
{
"name" : "ADV-2011-0453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0453"
},
{
"name" : "ADV-2011-0458",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0458"
},
{
"name" : "ADV-2011-0523",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0523"
},
{
"name" : "clamav-vbareadprojectstrings-dos(65544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025100",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025100"
},
{
"name": "46470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46470"
},
{
"name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97",
"refsource": "CONFIRM",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97"
},
{
"name": "70937",
"refsource": "OSVDB",
"url": "http://osvdb.org/70937"
},
{
"name": "[oss-security] 20110221 clamav 0.97",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/21/1"
},
{
"name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f",
"refsource": "CONFIRM",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f"
},
{
"name": "clamav-vbareadprojectstrings-dos(65544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65544"
},
{
"name": "ADV-2011-0458",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0458"
},
{
"name": "43752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43752"
},
{
"name": "ADV-2011-0453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0453"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "MDVA-2011:007",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486"
},
{
"name": "ADV-2011-0523",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0523"
},
{
"name": "FEDORA-2011-2743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html"
},
{
"name": "USN-1076-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1076-1"
},
{
"name": "[oss-security] 20110221 Re: clamav 0.97",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/21/4"
},
{
"name": "FEDORA-2011-2741",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html"
},
{
"name": "43392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43392"
},
{
"name": "43498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43498"
}
]
}
}

170
2011/1xxx/CVE-2011-1336.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118",
"refsource" : "CONFIRM",
"url" : "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118"
},
{
"name" : "http://www.altools.jp/download.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.altools.jp/download.aspx"
},
{
"name" : "JVN#01547302",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN01547302/index.html"
},
{
"name" : "JVNDB-2011-000048",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name" : "48493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48493"
},
{
"name" : "45108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000048",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48493"
},
{
"name": "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118",
"refsource": "CONFIRM",
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118"
},
{
"name": "http://www.altools.jp/download.aspx",
"refsource": "CONFIRM",
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
]
}
}

34
2011/1xxx/CVE-2011-1912.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1912",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1912",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2011/5xxx/CVE-2011-5094.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name" : "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
},
{
"name" : "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name" : "[tls] 20110315 SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name" : "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"name" : "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource" : "MLIST",
"url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"name" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
"refsource" : "MISC",
"url" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
"refsource" : "MISC",
"url" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
"refsource" : "MISC",
"url" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
"refsource": "MISC",
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
"refsource": "MISC",
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
}
]
}
}

34
2014/3xxx/CVE-2014-3049.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3049",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3049",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/3xxx/CVE-2014-3075.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679979",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679979"
},
{
"name" : "JR50092",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092"
},
{
"name" : "ibm-websphere-cve20143075-file-upload(93817)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20143075-file-upload(93817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93817"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679979",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679979"
},
{
"name": "JR50092",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092"
}
]
}
}

150
2014/3xxx/CVE-2014-3362.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674"
},
{
"name" : "20140910 Cisco TelePresence System MXP Series Software Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3362"
},
{
"name" : "61072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61072"
},
{
"name" : "cisco-telepresence-mxp-cve20143362-dos(95883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140910 Cisco TelePresence System MXP Series Software Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3362"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674"
},
{
"name": "cisco-telepresence-mxp-cve20143362-dos(95883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95883"
},
{
"name": "61072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61072"
}
]
}
}

160
2014/3xxx/CVE-2014-3744.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140513 CVE request: various NodeJS module vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/13/1"
},
{
"name" : "[oss-security] 20140514 Re: CVE request: various NodeJS module vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/2"
},
{
"name" : "https://nodesecurity.io/advisories/st_directory_traversal",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/st_directory_traversal"
},
{
"name" : "https://github.com/isaacs/st",
"refsource" : "CONFIRM",
"url" : "https://github.com/isaacs/st"
},
{
"name" : "67389",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67389"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140514 Re: CVE request: various NodeJS module vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/2"
},
{
"name": "[oss-security] 20140513 CVE request: various NodeJS module vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/13/1"
},
{
"name": "https://github.com/isaacs/st",
"refsource": "CONFIRM",
"url": "https://github.com/isaacs/st"
},
{
"name": "67389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67389"
},
{
"name": "https://nodesecurity.io/advisories/st_directory_traversal",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/st_directory_traversal"
}
]
}
}

150
2014/6xxx/CVE-2014-6463.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "SUSE-SU-2015:0743",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name" : "70532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70532"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70532"
},
{
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

34
2014/6xxx/CVE-2014-6644.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6644",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-6644",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/6xxx/CVE-2014-6645.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#438881",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/438881"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#438881",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/438881"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7302.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7302",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7302",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/7xxx/CVE-2014-7316.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#987297",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/987297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#987297",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/987297"
}
]
}
}

140
2014/7xxx/CVE-2014-7622.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#970049",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/970049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#970049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970049"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7794.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#753217",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/753217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#753217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/753217"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/7xxx/CVE-2014-7916.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf",
"refsource" : "MISC",
"url" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf",
"refsource": "MISC",
"url": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d"
}
]
}
}

34
2014/8xxx/CVE-2014-8209.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8209",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8209",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8235.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8235",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8235",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

150
2016/2xxx/CVE-2016-2205.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00"
},
{
"name" : "89395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/89395"
},
{
"name" : "1036262",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036262"
},
{
"name" : "1036263",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00"
},
{
"name": "89395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89395"
},
{
"name": "1036263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036263"
},
{
"name": "1036262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036262"
}
]
}
}

170
2016/2xxx/CVE-2016-2373.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-2373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pidgin",
"version" : {
"version_data" : [
{
"version_value" : "2.10.11"
}
]
}
}
]
},
"vendor_name" : "Pidgin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pidgin",
"version": {
"version_data": [
{
"version_value": "2.10.11"
}
]
}
}
]
},
"vendor_name": "Pidgin"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0141/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0141/"
},
{
"name" : "http://www.pidgin.im/news/security/?id=106",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=106"
},
{
"name" : "DSA-3620",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3620"
},
{
"name" : "GLSA-201701-38",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-38"
},
{
"name" : "USN-3031-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"name" : "91335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0141/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/"
},
{
"name": "91335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"name": "http://www.pidgin.im/news/security/?id=106",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=106"
}
]
}
}

120
2016/2xxx/CVE-2016-2432.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2509.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf"
},
{
"name" : "VU#507216",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/507216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#507216",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/507216"
},
{
"name": "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf",
"refsource": "CONFIRM",
"url": "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf"
}
]
}
}

34
2016/2xxx/CVE-2016-2990.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2990",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2990",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/6xxx/CVE-2016-6281.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6281",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6281",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/6xxx/CVE-2016-6530.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schickbysirona.com/items.php?itemid=19189",
"refsource" : "CONFIRM",
"url" : "https://www.schickbysirona.com/items.php?itemid=19189"
},
{
"name" : "VU#548399",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/548399"
},
{
"name" : "92777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#548399",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/548399"
},
{
"name": "https://www.schickbysirona.com/items.php?itemid=19189",
"refsource": "CONFIRM",
"url": "https://www.schickbysirona.com/items.php?itemid=19189"
},
{
"name": "92777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92777"
}
]
}
}

130
2016/6xxx/CVE-2016-6783.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94683"
}
]
}
}

140
2017/18xxx/CVE-2017-18271.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/911",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/911"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html"
},
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/911",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/911"
}
]
}
}

34
2017/18xxx/CVE-2017-18275.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18275",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18275",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

172
2017/1xxx/CVE-2017-1448.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-04T00:00:00",
"ID" : "CVE-2017-1448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Supplier Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0.0"
},
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
},
{
"version_value" : "10.0.2.0"
},
{
"version_value" : "10.0.4.0"
},
{
"version_value" : "10.1.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2017-1448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name" : "100222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}

34
2017/1xxx/CVE-2017-1687.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1687",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1687",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2017/5xxx/CVE-2017-5064.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 58.0.3029.81 for Windows",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 58.0.3029.81 for Windows"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Object Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 58.0.3029.81 for Windows",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 58.0.3029.81 for Windows"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/693974",
"refsource" : "MISC",
"url" : "https://crbug.com/693974"
},
{
"name" : "GLSA-201705-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-02"
},
{
"name" : "RHSA-2017:1124",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name" : "97939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97939"
},
{
"name" : "1038317",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Object Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1124",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"name": "GLSA-201705-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"name": "1038317",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038317"
},
{
"name": "https://crbug.com/693974",
"refsource": "MISC",
"url": "https://crbug.com/693974"
},
{
"name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"name": "97939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97939"
}
]
}
}

34
2017/5xxx/CVE-2017-5270.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5270",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5270",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/5xxx/CVE-2017-5578.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/23/3"
},
{
"name" : "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/25/2"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b"
},
{
"name" : "GLSA-201702-28",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-28"
},
{
"name" : "95781",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b"
},
{
"name": "95781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95781"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/3"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/2"
}
]
}
}

130
2017/5xxx/CVE-2017-5599.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697",
"refsource" : "MISC",
"url" : "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697"
},
{
"name" : "95835",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95835"
},
{
"name": "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697",
"refsource": "MISC",
"url": "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697"
}
]
}
}

120
2017/5xxx/CVE-2017-5683.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2017-5683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Hardware Accelerated Execution Manager",
"version" : {
"version_data" : [
{
"version_value" : "Before v6.0.6"
}
]
}
}
]
},
"vendor_name" : "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2017-5683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Hardware Accelerated Execution Manager",
"version": {
"version_data": [
{
"version_value": "Before v6.0.6"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr"
}
]
}
}