admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:23:44 +00:00
parent 30b105999d
commit a2d1c05750
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 5095 additions and 5095 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2006/0xxx/CVE-2006-0005.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393"
},
{
"name" : "MS06-006",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006"
},
{
"name" : "TA06-045A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-045A.html"
},
{
"name" : "VU#692060",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/692060"
},
{
"name" : "16644",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16644"
},
{
"name" : "ADV-2006-0575",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0575"
},
{
"name" : "oval:org.mitre.oval:def:1559",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559"
},
{
"name" : "1015628",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015628"
},
{
"name" : "18852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18852"
},
{
"name" : "win-mediaplayer-plugin-embed-bo(24493)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0575",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0575"
},
{
"name": "16644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16644"
},
{
"name": "win-mediaplayer-plugin-embed-bo(24493)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24493"
},
{
"name": "1015628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015628"
},
{
"name": "VU#692060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/692060"
},
{
"name": "20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393"
},
{
"name": "MS06-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-006"
},
{
"name": "oval:org.mitre.oval:def:1559",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1559"
},
{
"name": "TA06-045A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-045A.html"
},
{
"name": "18852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18852"
}
]
}
}

210
2006/0xxx/CVE-2006-0078.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420673/100/0/threaded"
},
{
"name" : "20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444320/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/10/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/10/summary.html"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067"
},
{
"name" : "16114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16114"
},
{
"name" : "ADV-2006-0018",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0018"
},
{
"name" : "22190",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22190"
},
{
"name" : "22191",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22191"
},
{
"name" : "18271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18271"
},
{
"name" : "316",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420673/100/0/threaded"
},
{
"name": "ADV-2006-0018",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0018"
},
{
"name": "http://evuln.com/vulns/10/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/10/summary.html"
},
{
"name": "18271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18271"
},
{
"name": "20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444320/100/0/threaded"
},
{
"name": "16114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16114"
},
{
"name": "316",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/316"
},
{
"name": "22191",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22191"
},
{
"name": "22190",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22190"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067"
}
]
}
}

190
2006/0xxx/CVE-2006-0309.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060113 Linksys VPN Router (BEFVP41) DoS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421929/100/0/threaded"
},
{
"name" : "20060116 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422064/100/0/threaded"
},
{
"name" : "20060117 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422266/100/0/threaded"
},
{
"name" : "16307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16307"
},
{
"name" : "ADV-2006-0238",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0238"
},
{
"name" : "1015490",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015490"
},
{
"name" : "18461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18461"
},
{
"name" : "linksys-null-length-dos(24125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0238"
},
{
"name": "20060117 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422266/100/0/threaded"
},
{
"name": "16307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16307"
},
{
"name": "20060113 Linksys VPN Router (BEFVP41) DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421929/100/0/threaded"
},
{
"name": "linksys-null-length-dos(24125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24125"
},
{
"name": "1015490",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015490"
},
{
"name": "18461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18461"
},
{
"name": "20060116 Re: Linksys VPN Router (BEFVP41) DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422064/100/0/threaded"
}
]
}
}

150
2006/0xxx/CVE-2006-0375.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060116 ACT P202S VoIP wireless phone multiple undocumented ports/services",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html"
},
{
"name" : "16288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16288"
},
{
"name" : "18514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18514"
},
{
"name" : "act-p202s-default-port(24149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "act-p202s-default-port(24149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24149"
},
{
"name": "18514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18514"
},
{
"name": "20060116 ACT P202S VoIP wireless phone multiple undocumented ports/services",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html"
},
{
"name": "16288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16288"
}
]
}
}

200
2006/0xxx/CVE-2006-0491.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060201 [eVuln] SZUserMgnt Authentication Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423658/100/0/threaded"
},
{
"name" : "http://www.evuln.com/vulns/53/summary.html",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/53/summary.html"
},
{
"name" : "16454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16454"
},
{
"name" : "ADV-2006-0366",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0366"
},
{
"name" : "22809",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22809"
},
{
"name" : "1015569",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015569"
},
{
"name" : "18666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18666"
},
{
"name" : "396",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/396"
},
{
"name" : "szusermgnt-username-sql-injection(24339)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.evuln.com/vulns/53/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/53/summary.html"
},
{
"name": "396",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/396"
},
{
"name": "16454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16454"
},
{
"name": "ADV-2006-0366",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0366"
},
{
"name": "1015569",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015569"
},
{
"name": "22809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22809"
},
{
"name": "szusermgnt-username-sql-injection(24339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24339"
},
{
"name": "20060201 [eVuln] SZUserMgnt Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423658/100/0/threaded"
},
{
"name": "18666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18666"
}
]
}
}

150
2006/0xxx/CVE-2006-0980.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060226 CGI Calendar XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426198/100/0/threaded"
},
{
"name" : "ADV-2006-0764",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0764"
},
{
"name" : "19066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19066"
},
{
"name" : "cgicalendar-index-viewday-xss(24946)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24946"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060226 CGI Calendar XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426198/100/0/threaded"
},
{
"name": "ADV-2006-0764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0764"
},
{
"name": "19066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19066"
},
{
"name": "cgicalendar-index-viewday-xss(24946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24946"
}
]
}
}

150
2006/1xxx/CVE-2006-1035.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf",
"refsource" : "MISC",
"url" : "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf"
},
{
"name" : "16844",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16844"
},
{
"name" : "VU#298958",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/298958"
},
{
"name" : "19076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19076"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16844"
},
{
"name": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/info/IntegrigySecurityAnalysis-OracleDiag0206.pdf"
},
{
"name": "19076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19076"
},
{
"name": "VU#298958",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298958"
}
]
}
}

170
2006/1xxx/CVE-2006-1080.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060304 Game-Panel <= 2.1.6 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426825/100/0/threaded"
},
{
"name" : "http://notlegal.ws/gamepanel.txt",
"refsource" : "MISC",
"url" : "http://notlegal.ws/gamepanel.txt"
},
{
"name" : "16979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16979"
},
{
"name" : "ADV-2006-0864",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0864"
},
{
"name" : "19143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19143"
},
{
"name" : "gamepanel-login-xss(25144)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060304 Game-Panel <= 2.1.6 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426825/100/0/threaded"
},
{
"name": "gamepanel-login-xss(25144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25144"
},
{
"name": "ADV-2006-0864",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0864"
},
{
"name": "http://notlegal.ws/gamepanel.txt",
"refsource": "MISC",
"url": "http://notlegal.ws/gamepanel.txt"
},
{
"name": "16979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16979"
},
{
"name": "19143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19143"
}
]
}
}

200
2006/3xxx/CVE-2006-3104.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060617 bitweaver <= v1.3 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437491/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/bitweaver_13_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/bitweaver_13_xpl.html"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358"
},
{
"name" : "http://www.bitweaver.org/articles/45",
"refsource" : "CONFIRM",
"url" : "http://www.bitweaver.org/articles/45"
},
{
"name" : "ADV-2006-2405",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2405"
},
{
"name" : "26589",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26589"
},
{
"name" : "20695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20695"
},
{
"name" : "1115",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1115"
},
{
"name" : "bitweaver-index-path-disclosure(27214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358"
},
{
"name": "http://retrogod.altervista.org/bitweaver_13_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/bitweaver_13_xpl.html"
},
{
"name": "26589",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26589"
},
{
"name": "bitweaver-index-path-disclosure(27214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27214"
},
{
"name": "20695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20695"
},
{
"name": "http://www.bitweaver.org/articles/45",
"refsource": "CONFIRM",
"url": "http://www.bitweaver.org/articles/45"
},
{
"name": "1115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1115"
},
{
"name": "ADV-2006-2405",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2405"
},
{
"name": "20060617 bitweaver <= v1.3 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded"
}
]
}
}

190
2006/3xxx/CVE-2006-3455.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 Symantec Product Security: Symantec Device Driver Elevation of Privileg",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449524/100/0/threaded"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2006.10.23.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2006.10.23.html"
},
{
"name" : "20684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20684"
},
{
"name" : "ADV-2006-4157",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4157"
},
{
"name" : "1017108",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017108"
},
{
"name" : "1017109",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017109"
},
{
"name" : "22536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22536"
},
{
"name" : "symantec-savrt-privilege-escalation(29762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-savrt-privilege-escalation(29762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29762"
},
{
"name": "20684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20684"
},
{
"name": "ADV-2006-4157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4157"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2006.10.23.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2006.10.23.html"
},
{
"name": "20061023 Symantec Product Security: Symantec Device Driver Elevation of Privileg",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449524/100/0/threaded"
},
{
"name": "22536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22536"
},
{
"name": "1017108",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017108"
},
{
"name": "1017109",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017109"
}
]
}
}

170
2006/3xxx/CVE-2006-3799.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060718 DeluxeBB mutiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440435/100/0/threaded"
},
{
"name" : "20060718 Advisory : DeluxeBB mutiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html"
},
{
"name" : "19052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19052"
},
{
"name" : "ADV-2006-2879",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2879"
},
{
"name" : "21116",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21116"
},
{
"name" : "1254",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1254",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1254"
},
{
"name": "19052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19052"
},
{
"name": "21116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21116"
},
{
"name": "20060718 Advisory : DeluxeBB mutiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html"
},
{
"name": "ADV-2006-2879",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2879"
},
{
"name": "20060718 DeluxeBB mutiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440435/100/0/threaded"
}
]
}
}

180
2006/3xxx/CVE-2006-3934.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060726 Multiple vulnerabilities in OpenCMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441182/100/0/threaded"
},
{
"name" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt",
"refsource" : "MISC",
"url" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt"
},
{
"name" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip",
"refsource" : "MISC",
"url" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip"
},
{
"name" : "http://www.opencms.org/opencms/en/shownews.html?id=1002",
"refsource" : "MISC",
"url" : "http://www.opencms.org/opencms/en/shownews.html?id=1002"
},
{
"name" : "21193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21193"
},
{
"name" : "1302",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1302"
},
{
"name" : "opencms-downloadtrigger-file-access(28000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21193"
},
{
"name": "http://www.opencms.org/opencms/en/shownews.html?id=1002",
"refsource": "MISC",
"url": "http://www.opencms.org/opencms/en/shownews.html?id=1002"
},
{
"name": "1302",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1302"
},
{
"name": "20060726 Multiple vulnerabilities in OpenCMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441182/100/0/threaded"
},
{
"name": "opencms-downloadtrigger-file-access(28000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28000"
},
{
"name": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt"
},
{
"name": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip",
"refsource": "MISC",
"url": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip"
}
]
}
}

190
2006/4xxx/CVE-2006-4172.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414"
},
{
"name" : "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446945/100/0/threaded"
},
{
"name" : "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html"
},
{
"name" : "20158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20158"
},
{
"name" : "1016926",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016926"
},
{
"name" : "1016928",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016928"
},
{
"name" : "22064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22064"
},
{
"name" : "freebsd-i386setldt-overflow(29132)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-i386setldt-overflow(29132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132"
},
{
"name": "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446945/100/0/threaded"
},
{
"name": "1016926",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016926"
},
{
"name": "22064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22064"
},
{
"name": "20158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20158"
},
{
"name": "1016928",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016928"
},
{
"name": "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414"
},
{
"name": "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html"
}
]
}
}

200
2006/4xxx/CVE-2006-4394.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-09-29",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
},
{
"name" : "TA06-275A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
},
{
"name" : "VU#897628",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/897628"
},
{
"name" : "20271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20271"
},
{
"name" : "ADV-2006-3852",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3852"
},
{
"name" : "29272",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29272"
},
{
"name" : "1016959",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016959"
},
{
"name" : "22187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22187"
},
{
"name" : "macos-loginwindow-security-bypass(29293)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016959",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016959"
},
{
"name": "20271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20271"
},
{
"name": "macos-loginwindow-security-bypass(29293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29293"
},
{
"name": "29272",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29272"
},
{
"name": "22187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22187"
},
{
"name": "ADV-2006-3852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3852"
},
{
"name": "VU#897628",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/897628"
},
{
"name": "APPLE-SA-2006-09-29",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html"
},
{
"name": "TA06-275A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-275A.html"
}
]
}
}

170
2006/4xxx/CVE-2006-4509.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061022 Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427"
},
{
"name" : "20663",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20663"
},
{
"name" : "ADV-2006-4142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4142"
},
{
"name" : "1017104",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017104"
},
{
"name" : "22506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22506"
},
{
"name" : "edirectory-monitoreventsrequest-bo(29764)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29764"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061022 Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427"
},
{
"name": "20663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20663"
},
{
"name": "edirectory-monitoreventsrequest-bo(29764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29764"
},
{
"name": "22506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22506"
},
{
"name": "1017104",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017104"
},
{
"name": "ADV-2006-4142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4142"
}
]
}
}

180
2006/4xxx/CVE-2006-4540.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060830 XXS in learncenter.asp",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444842"
},
{
"name" : "20061024 Vendor ACK for LearnCenter XSS (CVE-2006-4540)",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-October/001093.html"
},
{
"name" : "19781",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19781"
},
{
"name" : "ADV-2006-3432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3432"
},
{
"name" : "28306",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28306"
},
{
"name" : "21716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21716"
},
{
"name" : "learncenter-learncenter-xss(28694)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060830 XXS in learncenter.asp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444842"
},
{
"name": "21716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21716"
},
{
"name": "learncenter-learncenter-xss(28694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28694"
},
{
"name": "28306",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28306"
},
{
"name": "20061024 Vendor ACK for LearnCenter XSS (CVE-2006-4540)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001093.html"
},
{
"name": "ADV-2006-3432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3432"
},
{
"name": "19781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19781"
}
]
}
}

170
2006/4xxx/CVE-2006-4609.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module (\"Content manager\") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060821 PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444076/100/100/threaded"
},
{
"name" : "20060823 Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444220/100/100/threaded"
},
{
"name" : "ADV-2006-3373",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3373"
},
{
"name" : "28217",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28217"
},
{
"name" : "21590",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21590"
},
{
"name" : "1495",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module (\"Content manager\") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3373",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3373"
},
{
"name": "20060823 Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444220/100/100/threaded"
},
{
"name": "28217",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28217"
},
{
"name": "20060821 PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444076/100/100/threaded"
},
{
"name": "21590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21590"
},
{
"name": "1495",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1495"
}
]
}
}

290
2006/4xxx/CVE-2006-4927.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"
},
{
"name" : "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447849/100/0/threaded"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"
},
{
"name" : "VU#946820",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/946820"
},
{
"name" : "20360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20360"
},
{
"name" : "ADV-2006-3928",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3928"
},
{
"name" : "1016994",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016994"
},
{
"name" : "1016995",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016995"
},
{
"name" : "1016996",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016996"
},
{
"name" : "1016997",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016997"
},
{
"name" : "1016998",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016998"
},
{
"name" : "1016999",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016999"
},
{
"name" : "1017000",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017000"
},
{
"name" : "1017001",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017001"
},
{
"name" : "1017002",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017002"
},
{
"name" : "22288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22288"
},
{
"name" : "1690",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1690"
},
{
"name" : "symantec-ioctl-privilege-escalation(29360)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016996",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016996"
},
{
"name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"
},
{
"name": "1017001",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017001"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"
},
{
"name": "1017000",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017000"
},
{
"name": "1016997",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016997"
},
{
"name": "1016995",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016995"
},
{
"name": "ADV-2006-3928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3928"
},
{
"name": "1016998",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016998"
},
{
"name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"
},
{
"name": "1016994",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016994"
},
{
"name": "22288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22288"
},
{
"name": "20360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20360"
},
{
"name": "1016999",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016999"
},
{
"name": "1017002",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017002"
},
{
"name": "1690",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1690"
},
{
"name": "symantec-ioctl-privilege-escalation(29360)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"
},
{
"name": "VU#946820",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/946820"
}
]
}
}

130
2010/2xxx/CVE-2010-2199.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
},
{
"name" : "rpm-fsm-security-bypass(59416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rpm-fsm-security-bypass(59416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59416"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
}

160
2010/2xxx/CVE-2010-2203.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "41235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41235"
},
{
"name" : "oval:org.mitre.oval:def:14495",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14495"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "oval:org.mitre.oval:def:14495",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14495"
},
{
"name": "41235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41235"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
}
]
}
}

140
2010/2xxx/CVE-2010-2367.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html",
"refsource" : "CONFIRM",
"url" : "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html"
},
{
"name" : "JVN#69191943",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN69191943/index.html"
},
{
"name" : "JVNDB-2010-000036",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000036.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html",
"refsource": "CONFIRM",
"url": "http://adedit.blogspot.com/2010/10/ad-edit2-xss.html"
},
{
"name": "JVNDB-2010-000036",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000036.html"
},
{
"name": "JVN#69191943",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN69191943/index.html"
}
]
}
}

200
2010/2xxx/CVE-2010-2889.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name" : "SUSE-SA:2010:048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "TA10-279A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name" : "oval:org.mitre.oval:def:7009",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7009"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "oval:org.mitre.oval:def:7009",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7009"
}
]
}
}

150
2010/3xxx/CVE-2010-3325.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka \"CSS Special Character Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100113324",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100113324"
},
{
"name" : "MS10-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:7410",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka \"CSS Special Character Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7410",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7410"
},
{
"name": "MS10-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100113324",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100113324"
}
]
}
}

300
2010/3xxx/CVE-2010-3550.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100114315",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100123193",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "HPSBUX02608",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name" : "SSRT100333",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2010:0770",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name" : "RHSA-2010:0807",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
},
{
"name" : "RHSA-2010:0873",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"name" : "RHSA-2010:0987",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
},
{
"name" : "RHSA-2011:0880",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "44040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44040"
},
{
"name" : "oval:org.mitre.oval:def:11619",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11619"
},
{
"name" : "oval:org.mitre.oval:def:12422",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12422"
},
{
"name" : "41967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41967"
},
{
"name" : "44954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12422",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12422"
},
{
"name": "http://support.avaya.com/css/P8/documents/100114315",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100114315"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "RHSA-2010:0770",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
},
{
"name": "SSRT100333",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "RHSA-2010:0987",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
},
{
"name": "44954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44954"
},
{
"name": "44040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44040"
},
{
"name": "RHSA-2011:0880",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"name": "RHSA-2010:0873",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "HPSBUX02608",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
},
{
"name": "oval:org.mitre.oval:def:11619",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11619"
},
{
"name": "http://support.avaya.com/css/P8/documents/100123193",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100123193"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "41967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41967"
},
{
"name": "RHSA-2010:0807",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
}
]
}
}

130
2010/3xxx/CVE-2010-3580.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

120
2010/3xxx/CVE-2010-3887.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/",
"refsource" : "MISC",
"url" : "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/",
"refsource": "MISC",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
]
}
}

330
2010/4xxx/CVE-2010-4643.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openoffice.org/security/cves/CVE-2010-4643.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2010-4643.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667588",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667588"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name" : "DSA-2151",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2151"
},
{
"name" : "GLSA-201408-19",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name" : "MDVSA-2011:027",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
},
{
"name" : "RHSA-2011:0181",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
},
{
"name" : "RHSA-2011:0182",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
},
{
"name" : "USN-1056-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1056-1"
},
{
"name" : "46031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46031"
},
{
"name" : "70718",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70718"
},
{
"name" : "1025002",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025002"
},
{
"name" : "43065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43065"
},
{
"name" : "42999",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42999"
},
{
"name" : "43105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43105"
},
{
"name" : "43118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43118"
},
{
"name" : "60799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60799"
},
{
"name" : "40775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40775"
},
{
"name" : "ADV-2011-0230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name" : "ADV-2011-0232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0232"
},
{
"name" : "ADV-2011-0279",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0279"
},
{
"name" : "ooo-tga-bo(65441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
},
{
"name": "46031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46031"
},
{
"name": "DSA-2151",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2151"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "43118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43118"
},
{
"name": "43065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43065"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "1025002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025002"
},
{
"name": "ADV-2011-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0232"
},
{
"name": "70718",
"refsource": "OSVDB",
"url": "http://osvdb.org/70718"
},
{
"name": "RHSA-2011:0182",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667588",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667588"
},
{
"name": "USN-1056-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1056-1"
},
{
"name": "RHSA-2011:0181",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html"
},
{
"name": "ADV-2011-0279",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0279"
},
{
"name": "ooo-tga-bo(65441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65441"
},
{
"name": "43105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43105"
},
{
"name": "MDVSA-2011:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027"
},
{
"name": "42999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42999"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-4643.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-4643.html"
}
]
}
}

230
2011/0xxx/CVE-2011-0074.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619021",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=619021"
},
{
"name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird",
"refsource" : "CONFIRM",
"url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100134543",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100134543"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name" : "DSA-2227",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2227"
},
{
"name" : "DSA-2228",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2228"
},
{
"name" : "DSA-2235",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2235"
},
{
"name" : "MDVSA-2011:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name" : "MDVSA-2011:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name" : "47646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47646"
},
{
"name" : "oval:org.mitre.oval:def:14317",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2228",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2228"
},
{
"name": "MDVSA-2011:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name": "oval:org.mitre.oval:def:14317",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14317"
},
{
"name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird",
"refsource": "CONFIRM",
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird"
},
{
"name": "DSA-2235",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2235"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100134543",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100134543"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name": "47646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47646"
},
{
"name": "MDVSA-2011:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name": "DSA-2227",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2227"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=619021",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=619021"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
}
]
}
}

210
2011/0xxx/CVE-2011-0101.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka \"Excel Record Parsing WriteAV Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110412 ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517463/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-120",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-120"
},
{
"name" : "MS11-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47243"
},
{
"name" : "71766",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71766"
},
{
"name" : "oval:org.mitre.oval:def:11676",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11676"
},
{
"name" : "1025337",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025337"
},
{
"name" : "39122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39122"
},
{
"name" : "ADV-2011-0940",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka \"Excel Record Parsing WriteAV Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "39122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39122"
},
{
"name": "71766",
"refsource": "OSVDB",
"url": "http://osvdb.org/71766"
},
{
"name": "20110412 ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517463/100/0/threaded"
},
{
"name": "47243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47243"
},
{
"name": "oval:org.mitre.oval:def:11676",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11676"
},
{
"name": "1025337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025337"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-120",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-120"
},
{
"name": "MS11-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021"
},
{
"name": "ADV-2011-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0940"
}
]
}
}

260
2011/0xxx/CVE-2011-0346.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka \"MSHTML Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515506/100/0/threaded"
},
{
"name" : "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html"
},
{
"name" : "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html",
"refsource" : "MISC",
"url" : "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html"
},
{
"name" : "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt",
"refsource" : "MISC",
"url" : "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt"
},
{
"name" : "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt",
"refsource" : "MISC",
"url" : "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt"
},
{
"name" : "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt",
"refsource" : "MISC",
"url" : "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
},
{
"name" : "MS11-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "VU#427980",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/427980"
},
{
"name" : "45639",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45639"
},
{
"name" : "oval:org.mitre.oval:def:11882",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882"
},
{
"name" : "1024940",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024940"
},
{
"name" : "ADV-2011-0026",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0026"
},
{
"name" : "ms-ie-releaseinterface-code-execution(64482)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka \"MSHTML Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0026"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html",
"refsource": "MISC",
"url": "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
},
{
"name": "oval:org.mitre.oval:def:11882",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882"
},
{
"name": "ms-ie-releaseinterface-code-execution(64482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64482"
},
{
"name": "45639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45639"
},
{
"name": "MS11-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018"
},
{
"name": "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html"
},
{
"name": "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515506/100/0/threaded"
},
{
"name": "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt"
},
{
"name": "1024940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024940"
},
{
"name": "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt"
},
{
"name": "VU#427980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/427980"
},
{
"name": "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt"
}
]
}
}

140
2011/1xxx/CVE-2011-1282.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-056",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056"
},
{
"name" : "TA11-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name" : "oval:org.mitre.oval:def:12402",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12402",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12402"
},
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name": "MS11-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056"
}
]
}
}

220
2011/1xxx/CVE-2011-1295.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=74991",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=74991"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"
},
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "47029",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47029"
},
{
"name" : "oval:org.mitre.oval:def:14269",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269"
},
{
"name" : "43859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43859"
},
{
"name" : "ADV-2011-0765",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0765"
},
{
"name" : "google-chrome-node-code-exec(66302)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0765",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0765"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "43859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43859"
},
{
"name": "47029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47029"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html"
},
{
"name": "oval:org.mitre.oval:def:14269",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14269"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "google-chrome-node-code-exec(66302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66302"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=74991",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=74991"
}
]
}
}

200
2011/1xxx/CVE-2011-1732.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110429 ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517766/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-148/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-148/"
},
{
"name" : "HPSBMA02668",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name" : "SSRT100474",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name" : "47638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47638"
},
{
"name" : "72191",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72191"
},
{
"name" : "1025454",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025454"
},
{
"name" : "44402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44402"
},
{
"name" : "openview-storage-code-exec(67205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72191",
"refsource": "OSVDB",
"url": "http://osvdb.org/72191"
},
{
"name": "openview-storage-code-exec(67205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67205"
},
{
"name": "20110429 ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517766/100/0/threaded"
},
{
"name": "47638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47638"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-148/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-148/"
},
{
"name": "HPSBMA02668",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name": "SSRT100474",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name": "44402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44402"
},
{
"name": "1025454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025454"
}
]
}
}

160
2011/5xxx/CVE-2011-5004.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=342",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=342"
},
{
"name" : "http://www.ohloh.net/p/3417/commits/145749116",
"refsource" : "CONFIRM",
"url" : "http://www.ohloh.net/p/3417/commits/145749116"
},
{
"name" : "50823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50823"
},
{
"name" : "77371",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77371"
},
{
"name" : "47036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ohloh.net/p/3417/commits/145749116",
"refsource": "CONFIRM",
"url": "http://www.ohloh.net/p/3417/commits/145749116"
},
{
"name": "77371",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77371"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=342",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=342"
},
{
"name": "50823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50823"
},
{
"name": "47036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47036"
}
]
}
}

160
2011/5xxx/CVE-2011-5083.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18529",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18529"
},
{
"name" : "http://cxsecurity.com/issue/WLB-2011090012",
"refsource" : "MISC",
"url" : "http://cxsecurity.com/issue/WLB-2011090012"
},
{
"name" : "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396",
"refsource" : "MISC",
"url" : "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396"
},
{
"name" : "52173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52173"
},
{
"name" : "79665",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/79665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79665"
},
{
"name": "http://cxsecurity.com/issue/WLB-2011090012",
"refsource": "MISC",
"url": "http://cxsecurity.com/issue/WLB-2011090012"
},
{
"name": "18529",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18529"
},
{
"name": "52173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52173"
},
{
"name": "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396",
"refsource": "MISC",
"url": "http://vigilance.fr/vulnerability/Dotclear-file-upload-via-swfupload-swf-11396"
}
]
}
}

130
2011/5xxx/CVE-2011-5185.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18035",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18035"
},
{
"name" : "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146",
"refsource" : "CONFIRM",
"url" : "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18035",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18035"
},
{
"name": "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146",
"refsource": "CONFIRM",
"url": "http://onlinesubtitles.svn.sourceforge.net/viewvc/onlinesubtitles/video_comments.php?r1=31&r2=131&pathrev=146"
}
]
}
}

160
2014/3xxx/CVE-2014-3198.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
},
{
"name" : "https://codereview.chromium.org/560133004",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/560133004"
},
{
"name" : "https://crbug.com/415307",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/415307"
},
{
"name" : "RHSA-2014:1626",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name" : "70273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1626",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name": "https://crbug.com/415307",
"refsource": "CONFIRM",
"url": "https://crbug.com/415307"
},
{
"name": "70273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70273"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
},
{
"name": "https://codereview.chromium.org/560133004",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/560133004"
}
]
}
}

140
2014/3xxx/CVE-2014-3281.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140606 Cisco Unified Communications Domain Manager BVSMWeb Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281"
},
{
"name" : "67925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67925"
},
{
"name" : "58657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58657"
},
{
"name": "67925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67925"
},
{
"name": "20140606 Cisco Unified Communications Domain Manager BVSMWeb Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3281"
}
]
}
}

140
2014/3xxx/CVE-2014-3408.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099"
},
{
"name" : "20141015 Cisco Prime Optical Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3408"
},
{
"name" : "70594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70594"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70594"
},
{
"name": "20141015 Cisco Prime Optical Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3408"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36099"
}
]
}
}

34
2014/3xxx/CVE-2014-3762.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3762",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3762",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/3xxx/CVE-2014-3898.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html",
"refsource" : "CONFIRM",
"url" : "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html"
},
{
"name" : "http://jp.fujitsu.com/platform/server/primergy/note/page20.html",
"refsource" : "CONFIRM",
"url" : "http://jp.fujitsu.com/platform/server/primergy/note/page20.html"
},
{
"name" : "JVN#22534185",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN22534185/index.html"
},
{
"name" : "JVNDB-2014-000091",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000091"
},
{
"name" : "59210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000091",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000091"
},
{
"name": "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html",
"refsource": "CONFIRM",
"url": "http://jp.fujitsu.com/platform/server/primequest/products/2000/catalog/manual/support/note_140729_svom.html"
},
{
"name": "JVN#22534185",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN22534185/index.html"
},
{
"name": "59210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59210"
},
{
"name": "http://jp.fujitsu.com/platform/server/primergy/note/page20.html",
"refsource": "CONFIRM",
"url": "http://jp.fujitsu.com/platform/server/primergy/note/page20.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6832.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#505761",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/505761"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#505761",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/505761"
}
]
}
}

140
2014/6xxx/CVE-2014-6966.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#402889",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/402889"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The West Bend School District (aka net.parentlink.westbend) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#402889",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/402889"
}
]
}
}

170
2014/7xxx/CVE-2014-7205.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40689",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40689/"
},
{
"name" : "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/30/10"
},
{
"name" : "https://nodesecurity.io/advisories/bassmaster_js_injection",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/bassmaster_js_injection"
},
{
"name" : "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4",
"refsource" : "CONFIRM",
"url" : "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4"
},
{
"name" : "70180",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70180"
},
{
"name" : "bassmaster-cve20147205-code-exec(96730)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96730"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/bassmaster_js_injection",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/bassmaster_js_injection"
},
{
"name": "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/30/10"
},
{
"name": "70180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70180"
},
{
"name": "bassmaster-cve20147205-code-exec(96730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96730"
},
{
"name": "40689",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40689/"
},
{
"name": "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4",
"refsource": "CONFIRM",
"url": "https://github.com/hapijs/bassmaster/commit/b751602d8cb7194ee62a61e085069679525138c4"
}
]
}
}

330
2014/7xxx/CVE-2014-7841.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/13/6"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163087",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1163087"
},
{
"name" : "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2015-3004.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2015-3004.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2015-3005.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2015-3005.html"
},
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html"
},
{
"name" : "DSA-3093",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3093"
},
{
"name" : "RHSA-2015:0087",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0087.html"
},
{
"name" : "RHSA-2015:0285",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0285.html"
},
{
"name" : "RHSA-2015:0284",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
},
{
"name" : "RHSA-2015:0102",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
},
{
"name" : "RHSA-2015:0695",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0695.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "SUSE-SU-2015:0529",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0652",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name" : "71081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71081"
},
{
"name" : "62305",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62305"
},
{
"name" : "62597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62597"
},
{
"name" : "62735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62735"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62735"
},
{
"name": "RHSA-2015:0695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-3004.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-3004.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40607cbe270a9e8360907cb1e62ddf0736e4864"
},
{
"name": "[oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/6"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html"
},
{
"name": "SUSE-SU-2015:0652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "RHSA-2015:0285",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0285.html"
},
{
"name": "RHSA-2015:0087",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0087.html"
},
{
"name": "DSA-3093",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3093"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "71081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71081"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163087"
},
{
"name": "RHSA-2015:0284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-3005.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-3005.html"
},
{
"name": "SUSE-SU-2015:0529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864"
},
{
"name": "62597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62597"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
},
{
"name": "RHSA-2015:0102",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
},
{
"name": "62305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62305"
}
]
}
}

130
2014/8xxx/CVE-2014-8012.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141217 Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012"
},
{
"name" : "1031395",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031395",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031395"
},
{
"name": "20141217 Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8012"
}
]
}
}

34
2014/8xxx/CVE-2014-8221.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8221",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8221",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8404.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8404",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8404",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/8xxx/CVE-2014-8540.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141031 Re: CVE request for GitLab groups API",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/31/2"
},
{
"name" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/",
"refsource" : "CONFIRM",
"url" : "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/"
},
{
"name" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd"
},
{
"name" : "70841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70841"
},
{
"name" : "gitlab-cve20148540-security-bypass(98449)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gitlab-cve20148540-security-bypass(98449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98449"
},
{
"name": "70841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70841"
},
{
"name": "[oss-security] 20141031 Re: CVE request for GitLab groups API",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/31/2"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd"
},
{
"name": "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/"
}
]
}
}

140
2014/9xxx/CVE-2014-9577.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/76"
},
{
"name" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141218 SEC Consult SA-20141218-0 :: Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/76"
},
{
"name": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt"
}
]
}
}

140
2016/2xxx/CVE-2016-2063.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4",
"refsource" : "CONFIRM",
"url" : "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"
},
{
"name" : "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063"
},
{
"name" : "92381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92381"
},
{
"name": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4",
"refsource": "CONFIRM",
"url": "https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"
},
{
"name": "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/stack-overflow-msm-thermal-driver-allows-kernel-memory-corruption-cve-2016-2063"
}
]
}
}

230
2016/2xxx/CVE-2016-2098.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40086",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40086/"
},
{
"name" : "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"name" : "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"refsource" : "CONFIRM",
"url" : "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
},
{
"name" : "DSA-3509",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3509"
},
{
"name" : "SUSE-SU-2016:0854",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name" : "SUSE-SU-2016:0867",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name" : "SUSE-SU-2016:0967",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:0790",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name" : "openSUSE-SU-2016:0835",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name" : "SUSE-SU-2016:1146",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name" : "83725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83725"
},
{
"name" : "1035122",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:0867",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
]
}
}

34
2016/2xxx/CVE-2016-2269.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2269",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2269",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2892.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2892",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2892",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/2xxx/CVE-2016-2931.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991876",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991876"
},
{
"name" : "IV89791",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89791"
},
{
"name" : "94984",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991876",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991876"
},
{
"name": "IV89791",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89791"
},
{
"name": "94984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94984"
}
]
}
}

146
2016/6xxx/CVE-2016-6089.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MQ",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "File Manipulation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003509",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003509"
},
{
"name" : "98770",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/117926"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003509",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003509"
},
{
"name": "98770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98770"
}
]
}
}

146
2016/6xxx/CVE-2016-6102.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.5"
},
{
"version_value" : "2.6"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "2.5"
},
{
"version_value": "2.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22000359",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22000359"
},
{
"name" : "96976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96976"
},
{
"name" : "1038093",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000359."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96976"
},
{
"name": "1038093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038093"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22000359",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000359"
}
]
}
}

34
2016/6xxx/CVE-2016-6326.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6326",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6326",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/6xxx/CVE-2016-6642.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160913 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2016/Sep/17"
},
{
"name" : "92945",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92945"
},
{
"name": "20160913 ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Sep/17"
}
]
}
}

34
2017/5xxx/CVE-2017-5273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5273",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5273",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2017/5xxx/CVE-2017-5660.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-02-27T00:00:00",
"ID" : "CVE-2017-5660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Traffic Server",
"version" : {
"version_data" : [
{
"version_value" : "6.2.0 and prior"
},
{
"version_value" : "7.0.0 and prior"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-27T00:00:00",
"ID": "CVE-2017-5660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Server",
"version": {
"version_data": [
{
"version_value": "6.2.0 and prior"
},
{
"version_value": "7.0.0 and prior"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20180227 [ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98@%3Cdev.trafficserver.apache.org%3E"
},
{
"name" : "DSA-4128",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4128",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4128"
},
{
"name": "[dev] 20180227 [ANNOUNCE] Apache Traffic Server host header and line folding - CVE-2017-5660",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98@%3Cdev.trafficserver.apache.org%3E"
}
]
}
}

142
2017/5xxx/CVE-2017-5807.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-02T00:00:00",
"ID" : "CVE-2017-5807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Data Protector",
"version" : {
"version_data" : [
{
"version_value" : "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Arbitrary Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-02T00:00:00",
"ID": "CVE-2017-5807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "prior to 8.17 and 9.09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2017-26",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name" : "100088",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100088"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03732en_us"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-26",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-26"
},
{
"name": "100088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100088"
}
]
}
}

190
2017/5xxx/CVE-2017-5844.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777525",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777525"
},
{
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource" : "CONFIRM",
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name" : "DSA-3819",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3819"
},
{
"name" : "GLSA-201705-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-10"
},
{
"name" : "RHSA-2017:2060",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name" : "96001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96001"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=777525",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=777525"
},
{
"name": "DSA-3819",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3819"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
}
]
}
}