admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:25:40 +00:00
parent 6f39d0c36d
commit ae274a3c64
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3349 additions and 3349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/2xxx/CVE-2006-2267.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the \"email protocol inspectors,\" possibly (1) SMTP and (2) POP3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060507 Kerio WinRoute Firewall Protocol Inspection Denial",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433585/100/0/threaded"
},
{
"name" : "http://www.kerio.com/kwf_history.html",
"refsource" : "CONFIRM",
"url" : "http://www.kerio.com/kwf_history.html"
},
{
"name" : "17859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17859"
},
{
"name" : "ADV-2006-1677",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1677"
},
{
"name" : "25300",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25300"
},
{
"name" : "25273",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25273"
},
{
"name" : "1016032",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016032"
},
{
"name" : "19947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19947"
},
{
"name" : "kerio-winroute-email-dos(26263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the \"email protocol inspectors,\" possibly (1) SMTP and (2) POP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17859"
},
{
"name": "http://www.kerio.com/kwf_history.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/kwf_history.html"
},
{
"name": "1016032",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016032"
},
{
"name": "kerio-winroute-email-dos(26263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26263"
},
{
"name": "ADV-2006-1677",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1677"
},
{
"name": "25273",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25273"
},
{
"name": "19947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19947"
},
{
"name": "25300",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25300"
},
{
"name": "20060507 Kerio WinRoute Firewall Protocol Inspection Denial",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433585/100/0/threaded"
}
]
}
}

170
2006/2xxx/CVE-2006-2673.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060524 Bulletin Board Elite-Board v.1.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435013/100/0/threaded"
},
{
"name" : "18103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18103"
},
{
"name" : "ADV-2006-1980",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1980"
},
{
"name" : "20289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20289"
},
{
"name" : "987",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/987"
},
{
"name" : "eliteboard-search-xss(26675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18103"
},
{
"name": "20060524 Bulletin Board Elite-Board v.1.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435013/100/0/threaded"
},
{
"name": "eliteboard-search-xss(26675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26675"
},
{
"name": "987",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/987"
},
{
"name": "20289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20289"
},
{
"name": "ADV-2006-1980",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1980"
}
]
}
}

130
2006/2xxx/CVE-2006-2797.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1818",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1818"
},
{
"name" : "phpcommunitycalendar-multiple-sql-injection(26648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpcommunitycalendar-multiple-sql-injection(26648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26648"
},
{
"name": "1818",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1818"
}
]
}
}

230
2006/3xxx/CVE-2006-3097.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX02115",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/437401/100/0/threaded"
},
{
"name" : "SSRT061077",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/437401/100/0/threaded"
},
{
"name" : "18457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18457"
},
{
"name" : "oval:org.mitre.oval:def:5627",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5627"
},
{
"name" : "ADV-2006-2406",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2406"
},
{
"name" : "ADV-2006-3292",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3292"
},
{
"name" : "26622",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26622"
},
{
"name" : "1016307",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016307"
},
{
"name" : "20711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20711"
},
{
"name" : "21491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21491"
},
{
"name" : "1119",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1119"
},
{
"name" : "hp-stm-unspecified-dos(27314)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27314"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2406"
},
{
"name": "1119",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1119"
},
{
"name": "1016307",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016307"
},
{
"name": "hp-stm-unspecified-dos(27314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27314"
},
{
"name": "26622",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26622"
},
{
"name": "HPSBUX02115",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/437401/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5627",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5627"
},
{
"name": "21491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21491"
},
{
"name": "20711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20711"
},
{
"name": "18457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18457"
},
{
"name": "SSRT061077",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/437401/100/0/threaded"
},
{
"name": "ADV-2006-3292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3292"
}
]
}
}

210
2006/3xxx/CVE-2006-3573.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060706 Format string bug in Sparklet 0.9.4try3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439475/100/100/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/sparkletfs-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/sparkletfs-adv.txt"
},
{
"name" : "18862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18862"
},
{
"name" : "18949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18949"
},
{
"name" : "ADV-2006-2695",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2695"
},
{
"name" : "ADV-2006-2763",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2763"
},
{
"name" : "27038",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27038"
},
{
"name" : "1016443",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016443"
},
{
"name" : "20974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20974"
},
{
"name" : "sparklet-writetext-format-string(27603)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18949"
},
{
"name": "sparklet-writetext-format-string(27603)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27603"
},
{
"name": "1016443",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016443"
},
{
"name": "20060706 Format string bug in Sparklet 0.9.4try3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439475/100/100/threaded"
},
{
"name": "20974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20974"
},
{
"name": "27038",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27038"
},
{
"name": "ADV-2006-2763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2763"
},
{
"name": "http://aluigi.altervista.org/adv/sparkletfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/sparkletfs-adv.txt"
},
{
"name": "18862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18862"
},
{
"name": "ADV-2006-2695",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2695"
}
]
}
}

210
2006/3xxx/CVE-2006-3996.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060730 ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name" : "http://atutor.ca/news.php#010806",
"refsource" : "MISC",
"url" : "http://atutor.ca/news.php#010806"
},
{
"name" : "http://retrogod.altervista.org/atutor_1531_sql.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name" : "2088",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2088"
},
{
"name" : "19232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19232"
},
{
"name" : "ADV-2006-3074",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name" : "27665",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27665"
},
{
"name" : "21308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21308"
},
{
"name" : "1330",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1330"
},
{
"name" : "atutor-orderby-sql-injection(28082)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21308"
},
{
"name": "http://retrogod.altervista.org/atutor_1531_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"name": "http://atutor.ca/news.php#010806",
"refsource": "MISC",
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2088"
}
]
}
}

160
2006/4xxx/CVE-2006-4578.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-4578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-76/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-76/advisory/"
},
{
"name" : "21870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21870"
},
{
"name" : "32563",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32563"
},
{
"name" : "21694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21694"
},
{
"name" : "tab-mysql-password-info-disclosure(31244)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tab-mysql-password-info-disclosure(31244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31244"
},
{
"name": "http://secunia.com/secunia_research/2006-76/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-76/advisory/"
},
{
"name": "32563",
"refsource": "OSVDB",
"url": "http://osvdb.org/32563"
},
{
"name": "21870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21870"
},
{
"name": "21694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21694"
}
]
}
}

150
2006/6xxx/CVE-2006-6351.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061202 KhaledMuratList mdb",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453328/100/0/threaded"
},
{
"name" : "23310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23310"
},
{
"name" : "1999",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1999"
},
{
"name" : "khaledmuratlist-mdb-file-disclosure(30661)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "khaledmuratlist-mdb-file-disclosure(30661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30661"
},
{
"name": "20061202 KhaledMuratList mdb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453328/100/0/threaded"
},
{
"name": "23310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23310"
},
{
"name": "1999",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1999"
}
]
}
}

170
2006/6xxx/CVE-2006-6566.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2904",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2904"
},
{
"name" : "2918",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2918"
},
{
"name" : "20061214 mxBB Module mx_profilecp 0.91 Remote File Include Vulnerability",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-December/001176.html"
},
{
"name" : "ADV-2006-4928",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4928"
},
{
"name" : "ADV-2006-4946",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4946"
},
{
"name" : "mxbbcpanel-profilcp-file-include(30821)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mxbbcpanel-profilcp-file-include(30821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30821"
},
{
"name": "2918",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2918"
},
{
"name": "ADV-2006-4928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4928"
},
{
"name": "2904",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2904"
},
{
"name": "ADV-2006-4946",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4946"
},
{
"name": "20061214 mxBB Module mx_profilecp 0.91 Remote File Include Vulnerability",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-December/001176.html"
}
]
}
}

150
2006/6xxx/CVE-2006-6820.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2995",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2995"
},
{
"name" : "21739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21739"
},
{
"name" : "ADV-2006-5155",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5155"
},
{
"name" : "23517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5155"
},
{
"name": "2995",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2995"
},
{
"name": "23517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23517"
},
{
"name": "21739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21739"
}
]
}
}

160
2006/6xxx/CVE-2006-6848.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3035",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3035"
},
{
"name" : "21807",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21807"
},
{
"name" : "ADV-2006-5200",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5200"
},
{
"name" : "23573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23573"
},
{
"name" : "aspticker-admin-sql-injection(31152)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5200",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5200"
},
{
"name": "3035",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3035"
},
{
"name": "aspticker-admin-sql-injection(31152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31152"
},
{
"name": "21807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21807"
},
{
"name": "23573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23573"
}
]
}
}

280
2006/7xxx/CVE-2006-7196.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-7196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478491/100/0/threaded"
},
{
"name" : "20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478609/100/0/threaded"
},
{
"name" : "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-4.html"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
},
{
"name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
"refsource" : "CONFIRM",
"url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
"refsource" : "CONFIRM",
"url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "SUSE-SR:2008:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name" : "25531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25531"
},
{
"name" : "ADV-2007-1729",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1729"
},
{
"name" : "ADV-2009-0233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0233"
},
{
"name" : "34888",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34888"
},
{
"name" : "29242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29242"
},
{
"name" : "33668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "34888",
"refsource": "OSVDB",
"url": "http://osvdb.org/34888"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "33668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33668"
},
{
"name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"name": "25531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25531"
},
{
"name": "ADV-2007-1729",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1729"
},
{
"name": "ADV-2009-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0233"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm"
},
{
"name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
}
]
}
}

120
2010/2xxx/CVE-2010-2830.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100922 Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a310.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100922 Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a310.shtml"
}
]
}
}

240
2011/0xxx/CVE-2011-0049.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
},
{
"name" : "16103",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16103"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=628064",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
},
{
"name" : "https://sitewat.ch/en/Advisory/View/1",
"refsource" : "MISC",
"url" : "https://sitewat.ch/en/Advisory/View/1"
},
{
"name" : "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481",
"refsource" : "MISC",
"url" : "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
},
{
"name" : "VU#363726",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/363726"
},
{
"name" : "46127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46127"
},
{
"name" : "70762",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70762"
},
{
"name" : "1025024",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025024"
},
{
"name" : "43125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43125"
},
{
"name" : "8061",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8061"
},
{
"name" : "ADV-2011-0288",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0288"
},
{
"name" : "majordomo-listfile-directory-traversal(65113)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0288"
},
{
"name": "VU#363726",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/363726"
},
{
"name": "46127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46127"
},
{
"name": "https://sitewat.ch/en/Advisory/View/1",
"refsource": "MISC",
"url": "https://sitewat.ch/en/Advisory/View/1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064"
},
{
"name": "43125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43125"
},
{
"name": "majordomo-listfile-directory-traversal(65113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113"
},
{
"name": "1025024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025024"
},
{
"name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded"
},
{
"name": "16103",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16103"
},
{
"name": "8061",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8061"
},
{
"name": "70762",
"refsource": "OSVDB",
"url": "http://osvdb.org/70762"
},
{
"name": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481",
"refsource": "MISC",
"url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481"
}
]
}
}

220
2011/0xxx/CVE-2011-0521.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "[oss-security] 20110125 Linux kernel av7110 negative array offset",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/24/2"
},
{
"name" : "[oss-security] 20110125 Re: Linux kernel av7110 negative array offset",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/25/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "45986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45986"
},
{
"name" : "1025195",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025195"
},
{
"name" : "43009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43009"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "kernel-av7110ca-privilege-escalation(64988)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64988"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45986"
},
{
"name": "1025195",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025195"
},
{
"name": "[oss-security] 20110125 Linux kernel av7110 negative array offset",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/24/2"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "kernel-av7110ca-privilege-escalation(64988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64988"
},
{
"name": "43009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43009"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2"
},
{
"name": "[oss-security] 20110125 Re: Linux kernel av7110 negative array offset",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/25/2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644"
}
]
}
}

290
2011/0xxx/CVE-2011-0533.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516342/100/0/threaded"
},
{
"name" : "20110216 [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516474/100/0/threaded"
},
{
"name" : "20110211 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Feb/236"
},
{
"name" : "[continuum-users] 20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360@apache.org%3E"
},
{
"name" : "http://continuum.apache.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://continuum.apache.org/security.html"
},
{
"name" : "http://jira.codehaus.org/browse/CONTINUUM-2604",
"refsource" : "CONFIRM",
"url" : "http://jira.codehaus.org/browse/CONTINUUM-2604"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1066053",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1066053"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1066056",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1066056"
},
{
"name" : "46311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46311"
},
{
"name" : "70925",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70925"
},
{
"name" : "oval:org.mitre.oval:def:12581",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581"
},
{
"name" : "1025065",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025065"
},
{
"name" : "43261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43261"
},
{
"name" : "43334",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43334"
},
{
"name" : "8091",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8091"
},
{
"name" : "ADV-2011-0373",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0373"
},
{
"name" : "ADV-2011-0426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0426"
},
{
"name" : "continuum-unspec-xss(65343)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65343"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70925",
"refsource": "OSVDB",
"url": "http://osvdb.org/70925"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1066056",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1066056"
},
{
"name": "46311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46311"
},
{
"name": "43261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43261"
},
{
"name": "http://jira.codehaus.org/browse/CONTINUUM-2604",
"refsource": "CONFIRM",
"url": "http://jira.codehaus.org/browse/CONTINUUM-2604"
},
{
"name": "[continuum-users] 20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360@apache.org%3E"
},
{
"name": "ADV-2011-0373",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0373"
},
{
"name": "1025065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025065"
},
{
"name": "20110216 [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516474/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:12581",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581"
},
{
"name": "8091",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8091"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1066053",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1066053"
},
{
"name": "ADV-2011-0426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0426"
},
{
"name": "43334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43334"
},
{
"name": "continuum-unspec-xss(65343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65343"
},
{
"name": "20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516342/100/0/threaded"
},
{
"name": "http://continuum.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://continuum.apache.org/security.html"
},
{
"name": "20110211 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Feb/236"
}
]
}
}

34
2011/1xxx/CVE-2011-1351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2011/1xxx/CVE-2011-1893.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-074",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
},
{
"name" : "TA11-256A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
},
{
"name" : "oval:org.mitre.oval:def:12676",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074"
},
{
"name": "oval:org.mitre.oval:def:12676",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676"
},
{
"name": "TA11-256A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html"
}
]
}
}

220
2011/3xxx/CVE-2011-3052.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=116637",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=116637"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html"
},
{
"name" : "GLSA-201203-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name" : "openSUSE-SU-2012:0466",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html"
},
{
"name" : "52674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52674"
},
{
"name" : "80290",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80290"
},
{
"name" : "oval:org.mitre.oval:def:14819",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819"
},
{
"name" : "1026841",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026841"
},
{
"name" : "48512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48512"
},
{
"name" : "48527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48527"
},
{
"name" : "google-webgl-canvas-code-exec(74212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80290",
"refsource": "OSVDB",
"url": "http://osvdb.org/80290"
},
{
"name": "48527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48527"
},
{
"name": "openSUSE-SU-2012:0466",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=116637",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=116637"
},
{
"name": "1026841",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026841"
},
{
"name": "52674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52674"
},
{
"name": "GLSA-201203-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name": "oval:org.mitre.oval:def:14819",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819"
},
{
"name": "48512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48512"
},
{
"name": "google-webgl-canvas-code-exec(74212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74212"
}
]
}
}

200
2011/3xxx/CVE-2011-3063.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=117417",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=117417"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html"
},
{
"name" : "52762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52762"
},
{
"name" : "oval:org.mitre.oval:def:15226",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226"
},
{
"name" : "1026877",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026877"
},
{
"name" : "48618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48618"
},
{
"name" : "48691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48691"
},
{
"name" : "48763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48763"
},
{
"name" : "chrome-renderer-sec-bypass(74413)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15226",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226"
},
{
"name": "1026877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026877"
},
{
"name": "48618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48618"
},
{
"name": "48691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48691"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=117417",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=117417"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html"
},
{
"name": "52762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52762"
},
{
"name": "chrome-renderer-sec-bypass(74413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74413"
},
{
"name": "48763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48763"
}
]
}
}

160
2011/3xxx/CVE-2011-3412.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka \"Publisher Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-091",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091"
},
{
"name" : "TA11-347A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name" : "VU#361441",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/361441"
},
{
"name" : "oval:org.mitre.oval:def:14808",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14808"
},
{
"name" : "1026414",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka \"Publisher Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-347A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name": "VU#361441",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/361441"
},
{
"name": "1026414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026414"
},
{
"name": "oval:org.mitre.oval:def:14808",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14808"
},
{
"name": "MS11-091",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091"
}
]
}
}

130
2011/4xxx/CVE-2011-4054.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B"
},
{
"name" : "VU#713012",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/713012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#713012",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/713012"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B"
}
]
}
}

160
2011/4xxx/CVE-2011-4348.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120305 CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/05/2"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=757143",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=757143"
},
{
"name" : "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29"
},
{
"name": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6"
},
{
"name": "[oss-security] 20120305 CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=757143",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=757143"
}
]
}
}

34
2011/4xxx/CVE-2011-4479.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4479",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4479",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2011/4xxx/CVE-2011-4703.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html",
"refsource" : "MISC",
"url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html",
"refsource": "MISC",
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html"
}
]
}
}

130
2011/4xxx/CVE-2011-4732.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html"
},
{
"name" : "plesk-server-charset-unspecified(72327)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72327"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html"
},
{
"name": "plesk-server-charset-unspecified(72327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72327"
}
]
}
}

34
2013/5xxx/CVE-2013-5625.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5625",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5625",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}
}

34
2014/2xxx/CVE-2014-2750.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2750",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2744, CVE-2014-2745. Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745. Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-2750",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2744, CVE-2014-2745. Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745. Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2014/2xxx/CVE-2014-2917.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2917",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2917",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/2xxx/CVE-2014-2943.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2943",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-2943",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

130
2014/6xxx/CVE-2014-6046.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://techdefencelabs.com/security-advisories.html",
"refsource" : "MISC",
"url" : "http://techdefencelabs.com/security-advisories.html"
},
{
"name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://techdefencelabs.com/security-advisories.html",
"refsource": "MISC",
"url": "http://techdefencelabs.com/security-advisories.html"
},
{
"name": "https://www.phpmyfaq.de/security/advisory-2014-09-16",
"refsource": "CONFIRM",
"url": "https://www.phpmyfaq.de/security/advisory-2014-09-16"
}
]
}
}

34
2014/6xxx/CVE-2014-6202.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6202",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6202",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/6xxx/CVE-2014-6995.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#308641",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/308641"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#308641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/308641"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7435.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#152177",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/152177"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#152177",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/152177"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7592.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#649113",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/649113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#649113",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/649113"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7669.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7669",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7669",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

210
2014/7xxx/CVE-2014-7941.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=428557",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=428557"
},
{
"name" : "https://codereview.chromium.org/697863002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/697863002"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=428557",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=428557"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "https://codereview.chromium.org/697863002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/697863002"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
}
]
}
}

34
2017/1000xxx/CVE-2017-1000177.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1000177",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1000177",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2017/18xxx/CVE-2017-18016.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43499",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43499/"
},
{
"name" : "[oss-security] 20180110 CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/01/10/1"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016"
},
{
"name" : "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215",
"refsource" : "CONFIRM",
"url" : "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016",
"refsource": "MISC",
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016"
},
{
"name": "[oss-security] 20180110 CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/01/10/1"
},
{
"name": "43499",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43499/"
},
{
"name": "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215",
"refsource": "CONFIRM",
"url": "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215"
}
]
}
}

132
2017/18xxx/CVE-2017-18074.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-18074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in Audio"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-18074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in Audio"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2017/1xxx/CVE-2017-1041.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1041",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1041",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1065.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1065",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1065",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/1xxx/CVE-2017-1258.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-06-29T00:00:00",
"ID" : "CVE-2017-1258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.1.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-29T00:00:00",
"ID": "CVE-2017-1258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.1"
},
{
"version_value": "10.1.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004309",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004309"
},
{
"name" : "99377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99377"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004309",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004309"
}
]
}
}

132
2017/1xxx/CVE-2017-1342.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-22T00:00:00",
"ID" : "CVE-2017-1342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Insights Foundation for Energy",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-22T00:00:00",
"ID": "CVE-2017-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insights Foundation for Energy",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009039",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009039",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009039"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457"
}
]
}
}

304
2017/5xxx/CVE-2017-5400.json
View File

@ -1,154 +1,154 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.8"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
},
{
"version_affected" : "<",
"version_value" : "45.8"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "asm.js JIT-spray bypass of ASLR and DEP"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.8"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
},
{
"version_affected": "<",
"version_value": "45.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "DSA-3805",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3805"
},
{
"name" : "DSA-3832",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3832"
},
{
"name" : "GLSA-201705-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-06"
},
{
"name" : "GLSA-201705-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-07"
},
{
"name" : "RHSA-2017:0459",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html"
},
{
"name" : "RHSA-2017:0461",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html"
},
{
"name" : "RHSA-2017:0498",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html"
},
{
"name" : "96654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96654"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "asm.js JIT-spray bypass of ASLR and DEP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96654"
},
{
"name": "RHSA-2017:0459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "GLSA-201705-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-06"
},
{
"name": "RHSA-2017:0461",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"
},
{
"name": "DSA-3805",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3805"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"
},
{
"name": "RHSA-2017:0498",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"
},
{
"name": "GLSA-201705-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-07"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933"
}
]
}
}

184
2017/5xxx/CVE-2017-5403.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5403",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free using addRange to add range to an incorrect root object"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "96691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96691"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free using addRange to add range to an incorrect root object"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "96691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96691"
}
]
}
}

152
2017/5xxx/CVE-2017-5453.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "53"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's \"TITLE\" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "HTML injection into RSS Reader feed preview page through TITLE element"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name" : "97940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97940"
},
{
"name" : "1038320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's \"TITLE\" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTML injection into RSS Reader feed preview page through TITLE element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
}
]
}
}