admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:05:31 +00:00
parent 0381375e72
commit a650c4c6a0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3723 additions and 3726 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0415.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0415", "ID": "CVE-2001-0415",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010320 Password stored in clear text vulnerability in real time stock trading program", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html" "lang": "eng",
}, "value": "REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts."
{ }
"name" : "2495", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2495" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "rediplus-weak-security(6276)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6276" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2495"
},
{
"name": "20010320 Password stored in clear text vulnerability in real time stock trading program",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html"
},
{
"name": "rediplus-weak-security(6276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6276"
}
]
}
}

130
2001/0xxx/CVE-2001-0434.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0434", "ID": "CVE-2001-0434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SSRT0716", "description_data": [
"refsource" : "COMPAQ", {
"url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml" "lang": "eng",
}, "value": "The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service."
{ }
"name" : "compaq-activex-dos(6355)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6355" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "compaq-activex-dos(6355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6355"
},
{
"name": "SSRT0716",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml"
}
]
}
}

140
2001/0xxx/CVE-2001-0514.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0514", "ID": "CVE-2001-0514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/alerts/advise83.php" "lang": "eng",
}, "value": "SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network."
{ }
"name" : "atmel-vnetb-ap-snmp-security(6576)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6576" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2896", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2896" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise83.php"
},
{
"name": "2896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2896"
},
{
"name": "atmel-vnetb-ap-snmp-security(6576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6576"
}
]
}
}

150
2001/0xxx/CVE-2001-0665.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0665", "ID": "CVE-2001-0665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS01-051", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051" "lang": "eng",
}, "value": "Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the \"HTTP Request Encoding vulnerability.\""
{ }
"name" : "ie-url-http-requests(7259)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3421", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3421" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1972", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/1972" ]
} },
] "references": {
} "reference_data": [
} {
"name": "3421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3421"
},
{
"name": "ie-url-http-requests(7259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7259"
},
{
"name": "1972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1972"
},
{
"name": "MS01-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051"
}
]
}
}

130
2001/0xxx/CVE-2001-0756.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0756", "ID": "CVE-2001-0756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010607 cgisecurity.com Advisory #5 ", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html" "lang": "eng",
}, "value": "CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter."
{ }
"name" : "20010611 re: Advisory #5 Corrections.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=99237435902211&w=2" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010611 re: Advisory #5 Corrections.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99237435902211&w=2"
},
{
"refsource": "BUGTRAQ",
"name": "20010607 cgisecurity.com Advisory #5",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html"
}
]
}
}

150
2001/0xxx/CVE-2001-0948.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0948", "ID": "CVE-2001-0948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011204 NMRC Advisory - Multiple Valicert Problems ", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=100749428517090&w=2" "lang": "eng",
}, "value": "Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed."
{ }
"name" : "http://www.valicert.com/support/security_advisory_eva.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.valicert.com/support/security_advisory_eva.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "eva-admin-script-injection(7650)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3619", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3619" ]
} },
] "references": {
} "reference_data": [
} {
"refsource": "BUGTRAQ",
"name": "20011204 NMRC Advisory - Multiple Valicert Problems",
"url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2"
},
{
"name": "eva-admin-script-injection(7650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7650"
},
{
"name": "http://www.valicert.com/support/security_advisory_eva.html",
"refsource": "CONFIRM",
"url": "http://www.valicert.com/support/security_advisory_eva.html"
},
{
"name": "3619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3619"
}
]
}
}

170
2001/1xxx/CVE-2001-1252.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1252", "ID": "CVE-2001-1252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010928 SNS-43: PGP Keyserver Permissions Misconfiguration", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html" "lang": "eng",
}, "value": "Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory."
{ }
"name" : "http://www.pgp.com/support/product-advisories/keyserver.asp", ]
"refsource" : "CONFIRM", },
"url" : "http://www.pgp.com/support/product-advisories/keyserver.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pgp-keyserver-http-dos(7203)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7203.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3375", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3375" ]
}, },
{ "references": {
"name" : "1955", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/1955" "name": "1955",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/1955"
"name" : "4193", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4193" "name": "20010928 SNS-43: PGP Keyserver Permissions Misconfiguration",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html"
} },
} {
"name": "http://www.pgp.com/support/product-advisories/keyserver.asp",
"refsource": "CONFIRM",
"url": "http://www.pgp.com/support/product-advisories/keyserver.asp"
},
{
"name": "4193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4193"
},
{
"name": "pgp-keyserver-http-dos(7203)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7203.php"
},
{
"name": "3375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3375"
}
]
}
}

130
2001/1xxx/CVE-2001-1363.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1363", "ID": "CVE-2001-1363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz" "lang": "eng",
}, "value": "Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges."
{ }
"name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
},
{
"name": "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz",
"refsource": "CONFIRM",
"url": "http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz"
}
]
}
}

140
2001/1xxx/CVE-2001-1520.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1520", "ID": "CVE-2001-1520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011123 Xircom REX6000 PDA Password Retrieval", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-11/0187.html" "lang": "eng",
}, "value": "Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN."
{ }
"name" : "3574", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3574" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "rex6000-pda-password-retrieval(7584)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7584.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20011123 Xircom REX6000 PDA Password Retrieval",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0187.html"
},
{
"name": "3574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3574"
},
{
"name": "rex6000-pda-password-retrieval(7584)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7584.php"
}
]
}
}

150
2006/2xxx/CVE-2006-2168.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2168", "ID": "CVE-2006-2168",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060502 FileProtection Express <= 1.0.1 authentification bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/432728/100/0/threaded" "lang": "eng",
}, "value": "FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1."
{ }
"name" : "17786", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17786" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "835", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/835" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "fileprotectionexpress-bypass-auth(26225)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26225" ]
} },
] "references": {
} "reference_data": [
} {
"name": "835",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/835"
},
{
"name": "20060502 FileProtection Express <= 1.0.1 authentification bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432728/100/0/threaded"
},
{
"name": "fileprotectionexpress-bypass-auth(26225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26225"
},
{
"name": "17786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17786"
}
]
}
}

170
2006/2xxx/CVE-2006-2293.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2293", "ID": "CVE-2006-2293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "17903", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17903" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1750", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1750" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25428", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25428" ]
}, },
{ "references": {
"name" : "20030", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20030" "name": "20030",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20030"
"name" : "multicalendars-allcalendars-sql-injection(26362)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26362" "name": "25428",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/25428"
} },
} {
"name": "ADV-2006-1750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1750"
},
{
"name": "17903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17903"
},
{
"name": "multicalendars-allcalendars-sql-injection(26362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26362"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/multicalendars-3.0-sql-inj.txt"
}
]
}
}

160
2006/2xxx/CVE-2006-2306.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2306", "ID": "CVE-2006-2306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "17907", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17907" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "ADV-2006-1751", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1751" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25330", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25330" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20006", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20006" ]
}, },
{ "references": {
"name" : "epublisherpro-moreinfo-xss(26344)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26344" "name": "ADV-2006-1751",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1751"
} },
} {
"name": "17907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17907"
},
{
"name": "epublisherpro-moreinfo-xss(26344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26344"
},
{
"name": "25330",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25330"
},
{
"name": "20006",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20006"
}
]
}
}

150
2006/6xxx/CVE-2006-6234.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6234", "ID": "CVE-2006-6234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060617 Module's Name Content<<--V1.0 SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437835/100/200/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action."
{ }
"name" : "20061201 Old PHP-Nuke/PostNuke SQL injection issues - clarification", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2006-December/001157.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1953", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1953" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpnuke-module-sqlinjection(27501)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060617 Module's Name Content<<--V1.0 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437835/100/200/threaded"
},
{
"name": "1953",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1953"
},
{
"name": "20061201 Old PHP-Nuke/PostNuke SQL injection issues - clarification",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-December/001157.html"
},
{
"name": "phpnuke-module-sqlinjection(27501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27501"
}
]
}
}

140
2006/6xxx/CVE-2006-6549.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6549", "ID": "CVE-2006-6549",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as \"\" before use, and the nearby instructions say \"SET THE SAVE PATH by editing the line below.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061212 Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/454175/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as \"\" before use, and the nearby instructions say \"SET THE SAVE PATH by editing the line below.\""
{ }
"name" : "2034", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/2034" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "radupload-upload-file-include(30864)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30864" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "radupload-upload-file-include(30864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30864"
},
{
"name": "20061212 Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454175/100/0/threaded"
},
{
"name": "2034",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2034"
}
]
}
}

120
2011/2xxx/CVE-2011-2042.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-2042", "ID": "CVE-2011-2042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html" "lang": "eng",
} "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
}
]
}
}

180
2011/2xxx/CVE-2011-2494.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2494", "ID": "CVE-2011-2494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: kernel: taskstats/procfs io infoleak", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/1" "lang": "eng",
}, "value": "kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716842", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716842" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043" "name": "[oss-security] 20110627 Re: CVE request: kernel: taskstats/procfs io infoleak",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/06/27/1"
"name" : "SUSE-SU-2012:0554", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" "name": "SUSE-SU-2012:0554",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
"name" : "48898", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48898" "name": "48898",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48898"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a51410abe7d0ee4b1d112780f46df87d3621043"
},
{
"name": "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/1a51410abe7d0ee4b1d112780f46df87d3621043"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=716842",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=716842"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
}
]
}
}

150
2011/2xxx/CVE-2011-2610.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2610", "ID": "CVE-2011-2610",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a \"moderately severe issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/mac/1150/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/1150/" "lang": "eng",
}, "value": "Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a \"moderately severe issue.\""
{ }
"name" : "http://www.opera.com/docs/changelogs/unix/1150/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/docs/changelogs/unix/1150/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/1150/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/1150/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48568", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/48568" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.opera.com/docs/changelogs/windows/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1150/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1150/"
},
{
"name": "48568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48568"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1150/"
}
]
}
}

180
2011/2xxx/CVE-2011-2907.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2907", "ID": "CVE-2011-2907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/08/11/1" "lang": "eng",
}, "value": "Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 3.0.1 and earlier allows remote attackers to bypass host-based authentication and submit arbitrary jobs via a modified PBS_O_HOST variable to the qsub program."
{ }
"name" : "[torqueusers] 20110809 TORQUE authorization security vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296", "description": [
"refsource" : "MISC", {
"url" : "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=713090", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=713090" ]
}, },
{ "references": {
"name" : "49119", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49119" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=713090",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713090"
"name" : "45524", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45524" "name": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296",
}, "refsource": "MISC",
{ "url": "https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2011-2296"
"name" : "torque-resource-manager-pbsohost-sec-bypass(69138)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138" "name": "[torqueusers] 20110809 TORQUE authorization security vulnerability",
} "refsource": "MLIST",
] "url": "http://www.clusterresources.com/pipermail/torqueusers/2011-August/013194.html"
} },
} {
"name": "49119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49119"
},
{
"name": "45524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45524"
},
{
"name": "torque-resource-manager-pbsohost-sec-bypass(69138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69138"
},
{
"name": "[oss-security] 20110810 CVE-2011-2907: authentication bypass in torque",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/08/11/1"
}
]
}
}

34
2011/2xxx/CVE-2011-2967.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-2967", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-2967",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

210
2011/3xxx/CVE-2011-3027.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3027", "ID": "CVE-2011-3027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=112847", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=112847" "lang": "eng",
}, "value": "Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5400", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5485" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT5503", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-07-25-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "APPLE-SA-2012-09-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "oval:org.mitre.oval:def:14955",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14955"
"name" : "oval:org.mitre.oval:def:14955", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14955" "name": "APPLE-SA-2012-09-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
"name" : "48016", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48016" "name": "http://code.google.com/p/chromium/issues/detail?id=112847",
} "refsource": "CONFIRM",
] "url": "http://code.google.com/p/chromium/issues/detail?id=112847"
} },
} {
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"
},
{
"name": "48016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48016"
}
]
}
}

280
2011/3xxx/CVE-2011-3053.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3053", "ID": "CVE-2011-3053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=116746", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=116746" "lang": "eng",
}, "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5400", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5485" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT5503", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "name": "80291",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80291"
"name" : "APPLE-SA-2012-07-25-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "GLSA-201203-19", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" "name": "chrome-block-splitting-code-exec(74213)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74213"
"name" : "openSUSE-SU-2012:0466", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" "name": "48527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48527"
"name" : "52674", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52674" "name": "http://code.google.com/p/chromium/issues/detail?id=116746",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=116746"
"name" : "80291", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80291" "name": "openSUSE-SU-2012:0466",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html"
"name" : "oval:org.mitre.oval:def:14658", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658" "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html"
"name" : "1026841", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026841" "name": "APPLE-SA-2012-09-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
"name" : "48512", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48512" "name": "APPLE-SA-2012-07-25-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
"name" : "48527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48527" "name": "1026841",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026841"
"name" : "chrome-block-splitting-code-exec(74213)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74213" "name": "52674",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/52674"
} },
} {
"name": "GLSA-201203-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "oval:org.mitre.oval:def:14658",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658"
},
{
"name": "48512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48512"
}
]
}
}

150
2011/3xxx/CVE-2011-3257.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-3257", "ID": "CVE-2011-3257",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4999", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4999" "lang": "eng",
}, "value": "The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie."
{ }
"name" : "APPLE-SA-2011-10-12-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76325", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/76325" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "appleios-data-access-info-disc(70553)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553" ]
} },
] "references": {
} "reference_data": [
} {
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-data-access-info-disc(70553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76325",
"refsource": "OSVDB",
"url": "http://osvdb.org/76325"
}
]
}
}

130
2011/3xxx/CVE-2011-3274.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-3274", "ID": "CVE-2011-3274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125" "lang": "eng",
}, "value": "Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919."
{ }
"name" : "20110928 Cisco IOS Software IPv6 over MPLS Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24125"
},
{
"name": "20110928 Cisco IOS Software IPv6 over MPLS Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d52.shtml"
}
]
}
}

260
2011/3xxx/CVE-2011-3919.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3919", "ID": "CVE-2011-3919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=107128", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=107128" "lang": "eng",
}, "value": "Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5281", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5281" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5503", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5503" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-05-09-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" "name": "51300",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/51300"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "oval:org.mitre.oval:def:14504",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504"
"name" : "DSA-2394", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2394" "name": "SUSE-SU-2013:1627",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"
"name" : "MDVSA-2012:005", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:005" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "RHSA-2013:0217", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "SUSE-SU-2013:1627", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" "name": "RHSA-2013:0217",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
"name" : "51300", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51300" "name": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html"
"name" : "oval:org.mitre.oval:def:14504", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504" "name": "http://code.google.com/p/chromium/issues/detail?id=107128",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=107128"
"name" : "1026487", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026487" "name": "55568",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55568"
"name" : "47449", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47449" "name": "MDVSA-2012:005",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:005"
"name" : "55568", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55568" "name": "1026487",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1026487"
} },
} {
"name": "47449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47449"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "DSA-2394",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2394"
}
]
}
}

34
2011/4xxx/CVE-2011-4233.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4233", "ID": "CVE-2011-4233",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2011/4xxx/CVE-2011-4443.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4443", "ID": "CVE-2011-4443",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

270
2013/0xxx/CVE-2013-0292.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0292", "ID": "CVE-2013-0292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33614", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/33614" "lang": "eng",
}, "value": "The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal."
{ }
"name" : "[oss-security] 20130215 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/02/15/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658", "description": [
"refsource" : "MISC", {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca", ]
"refsource" : "CONFIRM", }
"url" : "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca" ]
}, },
{ "references": {
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=60916", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=60916" "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" "name": "33614",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/33614"
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", },
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" "name": "MDVSA-2013:071",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:071"
"name" : "MDVSA-2013:071", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:071" "name": "52225",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52225"
"name" : "RHSA-2013:0568", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0568.html" "name": "dbus-message-sender-priv-esc(82135)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82135"
"name" : "USN-1753-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1753-1" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658",
}, "refsource": "MISC",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=911658"
"name" : "57985", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57985" "name": "52375",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52375"
"name" : "90302", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/90302" "name": "USN-1753-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1753-1"
"name" : "52225", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52225" "name": "RHSA-2013:0568",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0568.html"
"name" : "52375", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52375" "name": "57985",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57985"
"name" : "52404", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52404" "name": "52404",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52404"
"name" : "dbus-message-sender-priv-esc(82135)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82135" "name": "[oss-security] 20130215 CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2013/02/15/10"
} },
} {
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "90302",
"refsource": "OSVDB",
"url": "http://osvdb.org/90302"
},
{
"name": "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/dbus/dbus-glib/commit/?id=166978a09cf5edff4028e670b6074215a4c75eca"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=60916",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=60916"
}
]
}
}

140
2013/1xxx/CVE-2013-1317.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1317", "ID": "CVE-2013-1317",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka \"Publisher Integer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-042", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" "lang": "eng",
}, "value": "Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka \"Publisher Integer Overflow Vulnerability.\""
{ }
"name" : "TA13-134A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16548", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16548" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA13-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name": "oval:org.mitre.oval:def:16548",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16548"
},
{
"name": "MS13-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042"
}
]
}
}

140
2013/1xxx/CVE-2013-1336.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1336", "ID": "CVE-2013-1336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \"XML Digital Signature Spoofing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-040", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040" "lang": "eng",
}, "value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka \"XML Digital Signature Spoofing Vulnerability.\""
{ }
"name" : "TA13-134A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16559", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA13-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name": "MS13-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040"
},
{
"name": "oval:org.mitre.oval:def:16559",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16559"
}
]
}
}

280
2013/1xxx/CVE-2013-1687.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-1687", "ID": "CVE-2013-1687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html" "lang": "eng",
}, "value": "The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=863933", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=863933" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866823", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866823" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2716", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2716" ]
}, },
{ "references": {
"name" : "DSA-2720", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2720" "name": "oval:org.mitre.oval:def:17117",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17117"
"name" : "RHSA-2013:0981", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=866823",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866823"
"name" : "RHSA-2013:0982", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html" "name": "USN-1890-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1890-1"
"name" : "SUSE-SU-2013:1152", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" "name": "RHSA-2013:0982",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"
"name" : "SUSE-SU-2013:1153", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" "name": "SUSE-SU-2013:1153",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"
"name" : "openSUSE-SU-2013:1140", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-51.html"
"name" : "openSUSE-SU-2013:1141", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" "name": "SUSE-SU-2013:1152",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"
"name" : "openSUSE-SU-2013:1142", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" "name": "RHSA-2013:0981",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"
"name" : "openSUSE-SU-2013:1143", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" "name": "USN-1891-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1891-1"
"name" : "USN-1890-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1890-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=863933",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=863933"
"name" : "USN-1891-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1891-1" "name": "openSUSE-SU-2013:1141",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"
"name" : "60777", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60777" "name": "DSA-2716",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2716"
"name" : "oval:org.mitre.oval:def:17117", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17117" "name": "openSUSE-SU-2013:1142",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"
} },
} {
"name": "openSUSE-SU-2013:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"
},
{
"name": "DSA-2720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2720"
},
{
"name": "60777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60777"
},
{
"name": "openSUSE-SU-2013:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"
}
]
}
}

120
2013/5xxx/CVE-2013-5048.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-5048", "ID": "CVE-2013-5048",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-5047."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-097", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" "lang": "eng",
} "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-5047."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-097",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097"
}
]
}
}

120
2013/5xxx/CVE-2013-5051.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-5051", "ID": "CVE-2013-5051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-097", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" "lang": "eng",
} "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-097",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097"
}
]
}
}

160
2013/5xxx/CVE-2013-5131.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5131", "ID": "CVE-2013-5131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5934", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "APPLE-SA-2013-09-18-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-10-22-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029054", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029054" ]
}, },
{ "references": {
"name" : "54886", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "1029054",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1029054"
} },
} {
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

180
2013/5xxx/CVE-2013-5881.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5881", "ID": "CVE-2013-5881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431."
{ }
"name" : "GLSA-201409-04", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64758", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64758" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "64885", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/64885" ]
}, },
{ "references": {
"name" : "102066", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102066" "name": "56491",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56491"
"name" : "56491", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56491" "name": "oracle-cpujan2014-cve20135881(90377)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90377"
"name" : "oracle-cpujan2014-cve20135881(90377)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90377" "name": "64885",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/64885"
} },
} {
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "102066",
"refsource": "OSVDB",
"url": "http://osvdb.org/102066"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}
}

34
2014/2xxx/CVE-2014-2937.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-2937", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-2937",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

130
2014/6xxx/CVE-2014-6509.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6509", "ID": "CVE-2014-6509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel."
{ }
"name" : "1031583", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1031583" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031583"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}
}

140
2017/0xxx/CVE-2017-0374.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-0374", "ID": "CVE-2017-0374",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "libconfig-model-perl", "product_name": "libconfig-model-perl",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "libconfig-model-perl" "version_value": "libconfig-model-perl"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "untrusted include directory"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes" "lang": "eng",
}, "value": "lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array."
{ }
"name" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573", ]
"refsource" : "CONFIRM", },
"url" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-0374", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-0374" "lang": "eng",
} "value": "untrusted include directory"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0374",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0374"
},
{
"name": "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573"
}
]
}
}

132
2017/0xxx/CVE-2017-0787.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00", "DATE_PUBLIC": "2017-09-05T00:00:00",
"ID" : "CVE-2017-0787", "ID": "CVE-2017-0787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android kernel" "version_value": "Android kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-09-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-09-01" "lang": "eng",
}, "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104."
{ }
"name" : "100655", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100655" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100655"
}
]
}
}

190
2017/0xxx/CVE-2017-0815.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00", "DATE_PUBLIC": "2017-10-02T00:00:00",
"ID" : "CVE-2017-0815", "ID": "CVE-2017-0815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.4.4" "version_value": "4.4.4"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04" "lang": "eng",
}, "value": "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567."
{ }
"name" : "https://source.android.com/security/bulletin/2017-10-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-10-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101088", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101088" "lang": "eng",
} "value": "Information disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04"
},
{
"name": "https://source.android.com/security/bulletin/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"name": "101088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101088"
}
]
}
}

130
2017/0xxx/CVE-2017-0893.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2017-0893", "ID": "CVE-2017-0893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nextcloud Server", "product_name": "Nextcloud Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 9.0.58 and 10.0.5 and 11.0.3" "version_value": "before 9.0.58 and 10.0.5 and 11.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nextcloud" "vendor_name": "Nextcloud"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/222838", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/222838" "lang": "eng",
}, "value": "Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers."
{ }
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010", ]
"refsource" : "CONFIRM", },
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-010"
},
{
"name": "https://hackerone.com/reports/222838",
"refsource": "MISC",
"url": "https://hackerone.com/reports/222838"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000038.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.286752", "DATE_ASSIGNED": "2017-05-06T20:43:28.286752",
"ID" : "CVE-2017-1000038", "ID": "CVE-2017-1000038",
"REQUESTER" : "tom@dxw.com", "REQUESTER": "tom@dxw.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Relevanssi", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.5.7.1" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mikko Saari" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/", "description_data": [
"refsource" : "MISC", {
"url" : "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/" "lang": "eng",
} "value": "WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site"
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do/"
}
]
}
}

164
2017/1000xxx/CVE-2017-1000050.json
View File

@ -1,84 +1,84 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.297805", "DATE_ASSIGNED": "2017-05-06T20:43:28.297805",
"ID" : "CVE-2017-1000050", "ID": "CVE-2017-1000050",
"REQUESTER" : "sasadeu1@umbc.edu", "REQUESTER": "sasadeu1@umbc.edu",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "JasPer Image Processing/Coding Tool Kit", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0.12" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "JasPer" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Null Pointer Defererence (Failure to handle exceptional conditions)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/03/06/1" "lang": "eng",
}, "value": "JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service."
{ }
"name" : "RHSA-2018:3253", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3253" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3505", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3505" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3693-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3693-1/" ]
}, },
{ "references": {
"name" : "96595", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96595" "name": "[oss-security] 20170305 CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2017/03/06/1"
} },
} {
"name": "RHSA-2018:3253",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3253"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "96595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96595"
},
{
"name": "USN-3693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3693-1/"
}
]
}
}

147
2017/1000xxx/CVE-2017-1000098.json
View File

@ -1,77 +1,74 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-09", "DATE_ASSIGNED": "2017-08-09",
"ID" : "CVE-2017-1000098", "ID": "CVE-2017-1000098",
"REQUESTER" : "kurt@seifried.org", "REQUESTER": "kurt@seifried.org",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Go", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.6.3" "version_value": "n/a"
}, }
{ ]
"version_value" : "1.7.3" }
} }
] ]
} },
} "vendor_name": "n/a"
] }
},
"vendor_name" : "Go"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given \"maxMemory\" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://golang.org/cl/30410", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://golang.org/cl/30410" "lang": "eng",
}, "value": "The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given \"maxMemory\" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors."
{ }
"name" : "https://golang.org/issue/17965", ]
"refsource" : "CONFIRM", },
"url" : "https://golang.org/issue/17965" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ", "description": [
"refsource" : "CONFIRM", {
"url" : "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ"
},
{
"name": "https://golang.org/issue/17965",
"refsource": "CONFIRM",
"url": "https://golang.org/issue/17965"
},
{
"name": "https://golang.org/cl/30410",
"refsource": "CONFIRM",
"url": "https://golang.org/cl/30410"
}
]
}
}

34
2017/12xxx/CVE-2017-12409.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12409", "ID": "CVE-2017-12409",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/16xxx/CVE-2017-16388.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-16388", "ID": "CVE-2017-16388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "101818", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101818" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039791", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039791" "lang": "eng",
} "value": "Use After Free"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "101818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101818"
},
{
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
}
]
}
}

142
2017/16xxx/CVE-2017-16682.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cna@sap.com", "ASSIGNER": "cna@sap.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00", "DATE_PUBLIC": "2017-12-12T00:00:00",
"ID" : "CVE-2017-16682", "ID": "CVE-2017-16682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SAP NetWeaver Internet Transaction Server (ITS)", "product_name": "SAP NetWeaver Internet Transaction Server (ITS)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52" "version_value": "from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SAP" "vendor_name": "SAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" "lang": "eng",
}, "value": "SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application."
{ }
"name" : "https://launchpad.support.sap.com/#/notes/2526781", ]
"refsource" : "CONFIRM", },
"url" : "https://launchpad.support.sap.com/#/notes/2526781" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102143", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102143" "lang": "eng",
} "value": "Code Injection"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "102143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102143"
},
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2526781",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2526781"
}
]
}
}

34
2017/16xxx/CVE-2017-16888.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16888", "ID": "CVE-2017-16888",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1542.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1542", "ID": "CVE-2017-1542",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2017/1xxx/CVE-2017-1769.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-22T00:00:00", "DATE_PUBLIC": "2018-01-22T00:00:00",
"ID" : "CVE-2017-1769", "ID": "CVE-2017-1769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Business Process Manager", "product_name": "Business Process Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.6" "version_value": "8.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783" "lang": "eng",
}, "value": "IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22011579", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22011579" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102777", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102777" "lang": "eng",
}, "value": "Gain Access"
{ }
"name" : "1040298", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040298" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1040298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040298"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136783"
},
{
"name": "102777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102777"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22011579",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011579"
}
]
}
}

34
2017/4xxx/CVE-2017-4652.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4652", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4652",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4742.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4742", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4742",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

140
2017/4xxx/CVE-2017-4898.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@vmware.com", "ASSIGNER": "security@vmware.com",
"ID" : "CVE-2017-4898", "ID": "CVE-2017-4898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Workstation Pro/Player", "product_name": "Workstation Pro/Player",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.x prior to version 12.5.3" "version_value": "12.x prior to version 12.5.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VMware" "vendor_name": "VMware"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DLL Hijack"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html" "lang": "eng",
}, "value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
{ }
"name" : "96772", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96772" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037979", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037979" "lang": "eng",
} "value": "DLL Hijack"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}

142
2017/4xxx/CVE-2017-4926.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@vmware.com", "ASSIGNER": "security@vmware.com",
"DATE_PUBLIC" : "2017-09-14T00:00:00", "DATE_PUBLIC": "2017-09-14T00:00:00",
"ID" : "CVE-2017-4926", "ID": "CVE-2017-4926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "vCenter Server", "product_name": "vCenter Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.5 prior to 6.5 U1" "version_value": "6.5 prior to 6.5 U1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VMware" "vendor_name": "VMware"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored XSS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vmware.com/security/advisories/VMSA-2017-0015.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0015.html" "lang": "eng",
}, "value": "VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page."
{ }
"name" : "100844", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100844" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039364", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039364" "lang": "eng",
} "value": "Stored XSS"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039364"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0015.html"
},
{
"name": "100844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100844"
}
]
}
}

150
2018/5xxx/CVE-2018-5736.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-officer@isc.org", "ASSIGNER": "security-officer@isc.org",
"ID" : "CVE-2018-5736", "ID": "CVE-2018-5736",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.isc.org/docs/aa-01602", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.isc.org/docs/aa-01602" "lang": "eng",
}, "value": "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180926-0004/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180926-0004/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104386", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104386" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1040941", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040941" ]
} },
] "references": {
} "reference_data": [
} {
"name": "104386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104386"
},
{
"name": "1040941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040941"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0004/"
},
{
"name": "https://kb.isc.org/docs/aa-01602",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01602"
}
]
}
}