admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:02:17 +00:00
parent cd8d1d0d9e
commit aed0a0b3f0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4645 additions and 4645 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2006/2xxx/CVE-2006-2175.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060502 Fast Click <= 2.3.8 Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432963/100/0/threaded"
},
{
"name" : "http://www.aria-security.net/advisory/fc/fastclick.txt",
"refsource" : "MISC",
"url" : "http://www.aria-security.net/advisory/fc/fastclick.txt"
},
{
"name" : "1740",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1740"
},
{
"name" : "17813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17813"
},
{
"name" : "ADV-2006-1631",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1631"
},
{
"name" : "25192",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25192"
},
{
"name" : "25289",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25289"
},
{
"name" : "1016021",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016021"
},
{
"name" : "19923",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19923"
},
{
"name" : "fastclick-multiple-file-include(26235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17813"
},
{
"name": "1740",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1740"
},
{
"name": "fastclick-multiple-file-include(26235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26235"
},
{
"name": "http://www.aria-security.net/advisory/fc/fastclick.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/advisory/fc/fastclick.txt"
},
{
"name": "25289",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25289"
},
{
"name": "19923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19923"
},
{
"name": "25192",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25192"
},
{
"name": "20060502 Fast Click <= 2.3.8 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432963/100/0/threaded"
},
{
"name": "1016021",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016021"
},
{
"name": "ADV-2006-1631",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1631"
}
]
}
}

160
2006/2xxx/CVE-2006-2191.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is \"unexploitable.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource" : "MLIST",
"url" : "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name" : "[security] 20060906 Re: mailman 2.1.5-8sarge3: screwup between security and maintainer upload",
"refsource" : "MLIST",
"url" : "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html"
},
{
"name" : "SUSE-SR:2006:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name" : "21732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21732"
},
{
"name" : "22639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is \"unexploitable.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "22639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22639"
},
{
"name": "[security] 20060906 Re: mailman 2.1.5-8sarge3: screwup between security and maintainer upload",
"refsource": "MLIST",
"url": "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html"
},
{
"name": "SUSE-SR:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "21732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21732"
}
]
}
}

180
2006/2xxx/CVE-2006-2553.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060519 Jemscripts Download Control v1.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434533/100/0/threaded"
},
{
"name" : "20060523 Jemscripts DownloadControl 1.0 - at least 2 separate issues",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-May/000783.html"
},
{
"name" : "ADV-2006-1928",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1928"
},
{
"name" : "25715",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25715"
},
{
"name" : "20212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20212"
},
{
"name" : "943",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/943"
},
{
"name" : "downloadcontrol-dc-xss(26624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25715"
},
{
"name": "ADV-2006-1928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1928"
},
{
"name": "20060519 Jemscripts Download Control v1.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434533/100/0/threaded"
},
{
"name": "downloadcontrol-dc-xss(26624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26624"
},
{
"name": "20212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20212"
},
{
"name": "943",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/943"
},
{
"name": "20060523 Jemscripts DownloadControl 1.0 - at least 2 separate issues",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-May/000783.html"
}
]
}
}

34
2006/2xxx/CVE-2006-2599.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2599",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2587. Reason: This candidate is a duplicate of CVE-2006-2587. Notes: All CVE users should reference CVE-2006-2587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-2599",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2587. Reason: This candidate is a duplicate of CVE-2006-2587. Notes: All CVE users should reference CVE-2006-2587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

180
2006/3xxx/CVE-2006-3094.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060615 Calendarix 0.7.20060401, SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=115048898305454&w=2"
},
{
"name" : "ADV-2006-2360",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2360"
},
{
"name" : "26528",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26528"
},
{
"name" : "26529",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26529"
},
{
"name" : "1016324",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016324"
},
{
"name" : "20645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20645"
},
{
"name" : "calendarix-id-sql-injection(27186)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26528",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26528"
},
{
"name": "1016324",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016324"
},
{
"name": "26529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26529"
},
{
"name": "ADV-2006-2360",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2360"
},
{
"name": "20645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20645"
},
{
"name": "20060615 Calendarix 0.7.20060401, SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=115048898305454&w=2"
},
{
"name": "calendarix-id-sql-injection(27186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27186"
}
]
}
}

200
2006/3xxx/CVE-2006-3556.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060707 [ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439451/100/0/threaded"
},
{
"name" : "20060718 ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440451/100/0/threaded"
},
{
"name" : "20060719 Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440870/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv36-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv36-matdhule-2006.txt"
},
{
"name" : "18876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18876"
},
{
"name" : "19042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19042"
},
{
"name" : "ADV-2006-2711",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2711"
},
{
"name" : "1227",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1227"
},
{
"name" : "extcalendar-extcalendar-file-include(27633)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27633"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060718 ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440451/100/0/threaded"
},
{
"name": "1227",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1227"
},
{
"name": "20060707 [ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439451/100/0/threaded"
},
{
"name": "ADV-2006-2711",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2711"
},
{
"name": "20060719 Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440870/100/0/threaded"
},
{
"name": "18876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18876"
},
{
"name": "http://advisories.echo.or.id/adv/adv36-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv36-matdhule-2006.txt"
},
{
"name": "19042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19042"
},
{
"name": "extcalendar-extcalendar-file-include(27633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27633"
}
]
}
}

150
2006/4xxx/CVE-2006-4165.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#51301450",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2351301450/index.html"
},
{
"name" : "19497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19497"
},
{
"name" : "21445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21445"
},
{
"name" : "netcommons-unspecified-xss(28351)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51301450",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2351301450/index.html"
},
{
"name": "netcommons-unspecified-xss(28351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28351"
},
{
"name": "19497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19497"
},
{
"name": "21445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21445"
}
]
}
}

150
2006/4xxx/CVE-2006-4451.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2006-61/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-61/advisory/"
},
{
"name" : "19748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19748"
},
{
"name" : "ADV-2006-3406",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3406"
},
{
"name" : "21561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21561"
},
{
"name": "http://secunia.com/secunia_research/2006-61/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-61/advisory/"
},
{
"name": "19748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19748"
},
{
"name": "ADV-2006-3406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3406"
}
]
}
}

170
2006/6xxx/CVE-2006-6159.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt",
"refsource" : "MISC",
"url" : "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt"
},
{
"name" : "21248",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21248"
},
{
"name" : "ADV-2006-4676",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4676"
},
{
"name" : "30671",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30671"
},
{
"name" : "22991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22991"
},
{
"name" : "deskpro-newticket-xss(30520)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "deskpro-newticket-xss(30520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30520"
},
{
"name": "21248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21248"
},
{
"name": "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt",
"refsource": "MISC",
"url": "http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt"
},
{
"name": "22991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22991"
},
{
"name": "ADV-2006-4676",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4676"
},
{
"name": "30671",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30671"
}
]
}
}

160
2006/6xxx/CVE-2006-6295.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2885",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2885"
},
{
"name" : "21415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21415"
},
{
"name" : "ADV-2006-4838",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4838"
},
{
"name" : "23206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23206"
},
{
"name" : "mxtinies-common-file-include(30736)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30736"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4838",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4838"
},
{
"name": "23206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23206"
},
{
"name": "21415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21415"
},
{
"name": "mxtinies-common-file-include(30736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30736"
},
{
"name": "2885",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2885"
}
]
}
}

180
2006/6xxx/CVE-2006-6302.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6302",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=157166",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=157166"
},
{
"name" : "GLSA-200702-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200702-05.xml"
},
{
"name" : "21469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21469"
},
{
"name" : "ADV-2006-4877",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4877"
},
{
"name" : "23237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23237"
},
{
"name" : "24184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24184"
},
{
"name" : "fail2ban-log-message-dos(30739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200702-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200702-05.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=157166",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=157166"
},
{
"name": "23237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23237"
},
{
"name": "24184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24184"
},
{
"name": "fail2ban-log-message-dos(30739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30739"
},
{
"name": "21469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21469"
},
{
"name": "ADV-2006-4877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4877"
}
]
}
}

230
2006/6xxx/CVE-2006-6917.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061208 LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453930/30/390/threaded"
},
{
"name" : "20061208 LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453933/30/420/threaded"
},
{
"name" : "20061211 Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454094/30/360/threaded"
},
{
"name" : "20061211 Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454088/30/0/threaded"
},
{
"name" : "20070109 CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456428/100/0/threaded"
},
{
"name" : "20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456711"
},
{
"name" : "http://www.lssec.com/advisories/LS-20061001.pdf",
"refsource" : "MISC",
"url" : "http://www.lssec.com/advisories/LS-20061001.pdf"
},
{
"name" : "http://www.lssec.com/advisories/LS-20060908.pdf",
"refsource" : "MISC",
"url" : "http://www.lssec.com/advisories/LS-20060908.pdf"
},
{
"name" : "http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp",
"refsource" : "MISC",
"url" : "http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp"
},
{
"name" : "3086",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3086"
},
{
"name" : "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428"
},
{
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959",
"refsource" : "CONFIRM",
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp",
"refsource": "MISC",
"url": "http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp"
},
{
"name": "20061211 Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454088/30/0/threaded"
},
{
"name": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428"
},
{
"name": "http://www.lssec.com/advisories/LS-20061001.pdf",
"refsource": "MISC",
"url": "http://www.lssec.com/advisories/LS-20061001.pdf"
},
{
"name": "20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456711"
},
{
"name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959",
"refsource": "CONFIRM",
"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959"
},
{
"name": "20061211 Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454094/30/360/threaded"
},
{
"name": "20070109 CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456428/100/0/threaded"
},
{
"name": "20061208 LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453930/30/390/threaded"
},
{
"name": "3086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3086"
},
{
"name": "http://www.lssec.com/advisories/LS-20060908.pdf",
"refsource": "MISC",
"url": "http://www.lssec.com/advisories/LS-20060908.pdf"
},
{
"name": "20061208 LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453933/30/420/threaded"
}
]
}
}

120
2006/6xxx/CVE-2006-6984.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html"
}
]
}
}

130
2006/7xxx/CVE-2006-7046.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "26224",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26224"
},
{
"name" : "20484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20484"
},
{
"name": "26224",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26224"
}
]
}
}

160
2006/7xxx/CVE-2006-7166.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via \"a specific JSP URL.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
},
{
"name" : "PK20181",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24011720"
},
{
"name" : "22991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22991"
},
{
"name" : "ADV-2007-0970",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0970"
},
{
"name" : "24478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via \"a specific JSP URL.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0970",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0970"
},
{
"name": "24478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24478"
},
{
"name": "PK20181",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24011720"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
},
{
"name": "22991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22991"
}
]
}
}

140
2011/0xxx/CVE-2011-0186.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "APPLE-SA-2011-08-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

290
2011/0xxx/CVE-2011-0285.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110413 MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517484/100/0/threaded"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726"
},
{
"name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899",
"refsource" : "CONFIRM",
"url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt"
},
{
"name" : "FEDORA-2011-5333",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html"
},
{
"name" : "MDVSA-2011:077",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:077"
},
{
"name" : "RHSA-2011:0447",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0447.html"
},
{
"name" : "openSUSE-SU-2011:0348",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/8086843"
},
{
"name" : "47310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47310"
},
{
"name" : "71789",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71789"
},
{
"name" : "1025320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025320"
},
{
"name" : "44125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44125"
},
{
"name" : "44196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44196"
},
{
"name" : "44181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44181"
},
{
"name" : "8200",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8200"
},
{
"name" : "ADV-2011-0936",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0936"
},
{
"name" : "ADV-2011-0986",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0986"
},
{
"name" : "ADV-2011-0997",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110413 MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517484/100/0/threaded"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt"
},
{
"name": "RHSA-2011:0447",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0447.html"
},
{
"name": "47310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47310"
},
{
"name": "44181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44181"
},
{
"name": "1025320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025320"
},
{
"name": "openSUSE-SU-2011:0348",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8086843"
},
{
"name": "44125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44125"
},
{
"name": "44196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44196"
},
{
"name": "ADV-2011-0997",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0997"
},
{
"name": "71789",
"refsource": "OSVDB",
"url": "http://osvdb.org/71789"
},
{
"name": "ADV-2011-0936",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0936"
},
{
"name": "MDVSA-2011:077",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:077"
},
{
"name": "ADV-2011-0986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0986"
},
{
"name": "8200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8200"
},
{
"name": "FEDORA-2011-5333",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726"
}
]
}
}

34
2011/0xxx/CVE-2011-0312.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0312",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0312",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2011/0xxx/CVE-2011-0808.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) vswk6.dll or (b) libvs_wk6.so in Outside In 8.1.0.4037 through 8.3.5.5684, involving the Lotus 123 parser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name" : "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
},
{
"name" : "VU#520721",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/520721"
},
{
"name" : "47435",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47435"
},
{
"name" : "44295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44295"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) vswk6.dll or (b) libvs_wk6.so in Outside In 8.1.0.4037 through 8.3.5.5684, involving the Lotus 123 parser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "47435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47435"
},
{
"name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309"
},
{
"name": "44295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44295"
},
{
"name": "VU#520721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/520721"
}
]
}
}

34
2011/0xxx/CVE-2011-0967.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0967",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0967",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2011/1xxx/CVE-2011-1077.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110527 [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518167/100/0/threaded"
},
{
"name" : "20110531 [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0531.html"
},
{
"name" : "http://archiva.apache.org/docs/1.3.5/release-notes.html",
"refsource" : "CONFIRM",
"url" : "http://archiva.apache.org/docs/1.3.5/release-notes.html"
},
{
"name" : "http://archiva.apache.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://archiva.apache.org/security.html"
},
{
"name" : "48011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48011"
},
{
"name" : "44693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44693"
},
{
"name" : "8267",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8267"
},
{
"name" : "archiva-multiple-xss(67672)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110527 [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518167/100/0/threaded"
},
{
"name": "44693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44693"
},
{
"name": "archiva-multiple-xss(67672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67672"
},
{
"name": "20110531 [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0531.html"
},
{
"name": "http://archiva.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://archiva.apache.org/security.html"
},
{
"name": "8267",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8267"
},
{
"name": "48011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48011"
},
{
"name": "http://archiva.apache.org/docs/1.3.5/release-notes.html",
"refsource": "CONFIRM",
"url": "http://archiva.apache.org/docs/1.3.5/release-notes.html"
}
]
}
}

230
2011/1xxx/CVE-2011-1753.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ejabberd.im/ejabberd-2.1.7",
"refsource" : "CONFIRM",
"url" : "http://www.ejabberd.im/ejabberd-2.1.7"
},
{
"name" : "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/",
"refsource" : "CONFIRM",
"url" : "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700454",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700454"
},
{
"name" : "https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6",
"refsource" : "CONFIRM",
"url" : "https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6"
},
{
"name" : "DSA-2248",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2248"
},
{
"name" : "FEDORA-2011-8415",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html"
},
{
"name" : "FEDORA-2011-8437",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html"
},
{
"name" : "48072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48072"
},
{
"name" : "44765",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44765"
},
{
"name" : "44807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44807"
},
{
"name" : "45120",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45120"
},
{
"name" : "ejabberd-xml-dos(67769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ejabberd-xml-dos(67769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67769"
},
{
"name": "DSA-2248",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2248"
},
{
"name": "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/",
"refsource": "CONFIRM",
"url": "http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7/"
},
{
"name": "44765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44765"
},
{
"name": "https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6",
"refsource": "CONFIRM",
"url": "https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6"
},
{
"name": "FEDORA-2011-8415",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html"
},
{
"name": "http://www.ejabberd.im/ejabberd-2.1.7",
"refsource": "CONFIRM",
"url": "http://www.ejabberd.im/ejabberd-2.1.7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=700454",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700454"
},
{
"name": "44807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44807"
},
{
"name": "48072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48072"
},
{
"name": "FEDORA-2011-8437",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html"
},
{
"name": "45120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45120"
}
]
}
}

150
2011/3xxx/CVE-2011-3429.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "76331",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76331"
},
{
"name" : "appleios-restrictions-info-disc(70559)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76331",
"refsource": "OSVDB",
"url": "http://osvdb.org/76331"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "appleios-restrictions-info-disc(70559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70559"
}
]
}
}

190
2011/3xxx/CVE-2011-3838.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-3838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2011-88/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-88/"
},
{
"name" : "77915",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77915"
},
{
"name" : "77916",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77916"
},
{
"name" : "77917",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77917"
},
{
"name" : "77918",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77918"
},
{
"name" : "77919",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77919"
},
{
"name" : "46163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46163"
},
{
"name" : "wuzly-multiple-sql-injection(71904)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77916",
"refsource": "OSVDB",
"url": "http://osvdb.org/77916"
},
{
"name": "77915",
"refsource": "OSVDB",
"url": "http://osvdb.org/77915"
},
{
"name": "77918",
"refsource": "OSVDB",
"url": "http://osvdb.org/77918"
},
{
"name": "wuzly-multiple-sql-injection(71904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71904"
},
{
"name": "77917",
"refsource": "OSVDB",
"url": "http://osvdb.org/77917"
},
{
"name": "46163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46163"
},
{
"name": "77919",
"refsource": "OSVDB",
"url": "http://osvdb.org/77919"
},
{
"name": "http://secunia.com/secunia_research/2011-88/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-88/"
}
]
}
}

34
2011/3xxx/CVE-2011-3931.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3931",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3931",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2011/4xxx/CVE-2011-4140.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/09/11/1"
},
{
"name" : "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=737366",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
},
{
"name" : "https://www.djangoproject.com/weblog/2011/sep/09/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2011/sep/09/"
},
{
"name" : "https://www.djangoproject.com/weblog/2011/sep/10/127/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2011/sep/10/127/"
},
{
"name" : "DSA-2332",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2332"
},
{
"name" : "openSUSE-SU-2012:0653",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/14700881"
},
{
"name" : "46614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46614"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0653",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/14700881"
},
{
"name": "DSA-2332",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2332"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
},
{
"name": "46614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46614"
},
{
"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/11/1"
},
{
"name": "https://www.djangoproject.com/weblog/2011/sep/10/127/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
},
{
"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"name": "https://www.djangoproject.com/weblog/2011/sep/09/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2011/sep/09/"
}
]
}
}

34
2011/4xxx/CVE-2011-4440.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4440",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4440",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2011/4xxx/CVE-2011-4565.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html"
},
{
"name" : "http://xoops.org/modules/news/article.php?storyid=6094",
"refsource" : "CONFIRM",
"url" : "http://xoops.org/modules/news/article.php?storyid=6094"
},
{
"name" : "49995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49995"
},
{
"name" : "46238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46238"
},
{
"name" : "xoops-formdhtmltextareapreview-xss(70378)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70378"
},
{
"name" : "xoops-pmlite-xss(70377)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to include/formdhtmltextarea_preview.php or (2) img BBCODE tag within the message parameter to pmlite.php (aka Private Message). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xoops-pmlite-xss(70377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70377"
},
{
"name": "46238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46238"
},
{
"name": "xoops-formdhtmltextareapreview-xss(70378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70378"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_xss_in_xoops_web_application_platform.html"
},
{
"name": "49995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49995"
},
{
"name": "http://xoops.org/modules/news/article.php?storyid=6094",
"refsource": "CONFIRM",
"url": "http://xoops.org/modules/news/article.php?storyid=6094"
}
]
}
}

530
2011/4xxx/CVE-2011-4862.json
View File

@ -1,267 +1,267 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2011-4862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
},
{
"name" : "18280",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18280/"
},
{
"name" : "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource" : "MLIST",
"url" : "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
},
{
"name" : "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource" : "MLIST",
"url" : "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
},
{
"name" : "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource" : "MLIST",
"url" : "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
},
{
"name" : "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource" : "MLIST",
"url" : "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
},
{
"name" : "http://security.freebsd.org/patches/SA-11:08/telnetd.patch",
"refsource" : "CONFIRM",
"url" : "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
},
{
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
},
{
"name" : "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
},
{
"name" : "DSA-2372",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2372"
},
{
"name" : "DSA-2373",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2373"
},
{
"name" : "DSA-2375",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2375"
},
{
"name" : "FEDORA-2011-17492",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
},
{
"name" : "FEDORA-2011-17493",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
},
{
"name" : "FreeBSD-SA-11:08",
"refsource" : "FREEBSD",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
},
{
"name" : "MDVSA-2011:195",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
},
{
"name" : "RHSA-2011:1851",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
},
{
"name" : "RHSA-2011:1852",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
},
{
"name" : "RHSA-2011:1854",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
},
{
"name" : "RHSA-2011:1853",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
},
{
"name" : "SUSE-SU-2012:0010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name" : "SUSE-SU-2012:0018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name" : "SUSE-SU-2012:0042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name" : "SUSE-SU-2012:0050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name" : "openSUSE-SU-2012:0019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name" : "openSUSE-SU-2012:0051",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"name" : "SUSE-SU-2012:0024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
},
{
"name" : "SUSE-SU-2012:0056",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
},
{
"name" : "78020",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78020"
},
{
"name" : "1026460",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026460"
},
{
"name" : "1026463",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026463"
},
{
"name" : "47341",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47341"
},
{
"name" : "47348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47348"
},
{
"name" : "47357",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47357"
},
{
"name" : "47359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47359"
},
{
"name" : "47373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47373"
},
{
"name" : "47374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47374"
},
{
"name" : "47397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47397"
},
{
"name" : "47399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47399"
},
{
"name" : "47441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47441"
},
{
"name" : "46239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46239"
},
{
"name" : "multiple-telnetd-bo(71970)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "47399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47399"
},
{
"name": "DSA-2375",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2375"
},
{
"name": "RHSA-2011:1854",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
},
{
"name": "SUSE-SU-2012:0018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
},
{
"name": "DSA-2372",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2372"
},
{
"name": "47359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47359"
},
{
"name": "FEDORA-2011-17493",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
},
{
"name": "47374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47374"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
},
{
"name": "FreeBSD-SA-11:08",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
},
{
"name": "openSUSE-SU-2012:0019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name": "FEDORA-2011-17492",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
},
{
"name": "MDVSA-2011:195",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
},
{
"name": "SUSE-SU-2012:0024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
},
{
"name": "SUSE-SU-2012:0050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name": "78020",
"refsource": "OSVDB",
"url": "http://osvdb.org/78020"
},
{
"name": "1026463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026463"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
},
{
"name": "47341",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47341"
},
{
"name": "RHSA-2011:1852",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
},
{
"name": "RHSA-2011:1853",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
},
{
"name": "openSUSE-SU-2012:0051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"name": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch",
"refsource": "CONFIRM",
"url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
},
{
"name": "47357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47357"
},
{
"name": "46239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46239"
},
{
"name": "SUSE-SU-2012:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "47397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47397"
},
{
"name": "47373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47373"
},
{
"name": "SUSE-SU-2012:0056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
},
{
"name": "47441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47441"
},
{
"name": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
},
{
"name": "RHSA-2011:1851",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
},
{
"name": "18280",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18280/"
},
{
"name": "47348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47348"
},
{
"name": "1026460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026460"
},
{
"name": "DSA-2373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2373"
},
{
"name": "multiple-telnetd-bo(71970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
}
]
}
}

160
2013/5xxx/CVE-2013-5094.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html",
"refsource" : "MISC",
"url" : "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"name" : "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"name" : "http://www.tenable.com/plugins/index.php?view=single&id=65738",
"refsource" : "MISC",
"url" : "http://www.tenable.com/plugins/index.php?view=single&id=65738"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=KB77772",
"refsource" : "MISC",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=KB77772"
},
{
"name" : "58401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html"
},
{
"name": "http://www.tenable.com/plugins/index.php?view=single&id=65738",
"refsource": "MISC",
"url": "http://www.tenable.com/plugins/index.php?view=single&id=65738"
},
{
"name": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html",
"refsource": "MISC",
"url": "http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=KB77772",
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=KB77772"
},
{
"name": "58401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58401"
}
]
}
}

170
2013/5xxx/CVE-2013-5872.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64871"
},
{
"name" : "102055",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102055"
},
{
"name" : "56488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56488"
},
{
"name" : "oracle-cpujan2014-cve20135872(90365)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102055",
"refsource": "OSVDB",
"url": "http://osvdb.org/102055"
},
{
"name": "oracle-cpujan2014-cve20135872(90365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90365"
},
{
"name": "56488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56488"
},
{
"name": "64871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64871"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

120
2014/2xxx/CVE-2014-2182.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140428 Cisco ASA DHCPv6 Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140428 Cisco ASA DHCPv6 Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182"
}
]
}
}

34
2014/2xxx/CVE-2014-2396.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2396",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/2xxx/CVE-2014-2665.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a \"login CSRF\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14",
"refsource" : "MLIST",
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
},
{
"name" : "[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/03/28/1"
},
{
"name" : "[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/04/01/7"
},
{
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
},
{
"name" : "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php",
"refsource" : "CONFIRM",
"url" : "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a \"login CSRF\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=62497"
},
{
"name": "[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/03/28/1"
},
{
"name": "[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html"
},
{
"name": "[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/01/7"
},
{
"name": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php",
"refsource": "CONFIRM",
"url": "https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php"
}
]
}
}

140
2014/2xxx/CVE-2014-2770.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-1804."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-035",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name" : "67855",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67855"
},
{
"name" : "1030370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-1804."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "67855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67855"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
}
]
}
}

120
2014/2xxx/CVE-2014-2860.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#437385",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/437385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#437385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/437385"
}
]
}
}

34
2014/2xxx/CVE-2014-2982.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2982",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2982",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/6xxx/CVE-2014-6267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6267",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6267",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2014/6xxx/CVE-2014-6425.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-15.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10353",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10353"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c10396dbbf782a576bc1f9a931cf86090cec3878",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c10396dbbf782a576bc1f9a931cf86090cec3878"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1676",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1676"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1677",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1677"
},
{
"name" : "RHSA-2014:1676",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
},
{
"name" : "RHSA-2014:1677",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1677.html"
},
{
"name" : "60280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60280"
},
{
"name" : "61929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61929"
},
{
"name" : "61933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c10396dbbf782a576bc1f9a931cf86090cec3878",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c10396dbbf782a576bc1f9a931cf86090cec3878"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1676",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1676"
},
{
"name": "61933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61933"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10353",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10353"
},
{
"name": "RHSA-2014:1677",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1677.html"
},
{
"name": "RHSA-2014:1676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
},
{
"name": "60280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60280"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2014-15.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2014-15.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1677",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1677"
},
{
"name": "61929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61929"
}
]
}
}

350
2014/6xxx/CVE-2014-6587.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
"refsource" : "CONFIRM",
"url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"name" : "DSA-3144",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3144"
},
{
"name" : "DSA-3147",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3147"
},
{
"name" : "GLSA-201603-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-14"
},
{
"name" : "GLSA-201507-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-14"
},
{
"name" : "HPSBUX03273",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name" : "SSRT101951",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name" : "HPSBUX03281",
"refsource" : "HP",
"url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"name" : "SSRT101968",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2"
},
{
"name" : "RHSA-2015:0068",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
},
{
"name" : "RHSA-2015:0079",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
},
{
"name" : "RHSA-2015:0080",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"name" : "RHSA-2015:0085",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
},
{
"name" : "RHSA-2015:0086",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
},
{
"name" : "RHSA-2015:0264",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name" : "SUSE-SU-2015:0336",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:0190",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"name" : "SUSE-SU-2015:0503",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"name" : "USN-2486-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"name" : "USN-2487-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"name" : "72168",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72168"
},
{
"name" : "1031580",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031580"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:0503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"name": "DSA-3144",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"name": "RHSA-2015:0079",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "RHSA-2015:0264",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name": "USN-2487-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"name": "RHSA-2015:0085",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html"
},
{
"name": "RHSA-2015:0086",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html"
},
{
"name": "GLSA-201603-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-14"
},
{
"name": "SUSE-SU-2015:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name": "RHSA-2015:0080",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
},
{
"name": "RHSA-2015:0068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html"
},
{
"name": "USN-2486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"name": "GLSA-201507-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"name": "SSRT101951",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name": "HPSBUX03281",
"refsource": "HP",
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"name": "72168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72168"
},
{
"name": "SSRT101968",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"
},
{
"name": "openSUSE-SU-2015:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"name": "HPSBUX03273",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name": "1031580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031580"
},
{
"name": "DSA-3147",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3147"
}
]
}
}

140
2014/6xxx/CVE-2014-6827.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#358185",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/358185"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#358185",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/358185"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6992.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Timeless Black (aka com.apptive.android.apps.timeless) application 2.10.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#623241",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/623241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Timeless Black (aka com.apptive.android.apps.timeless) application 2.10.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#623241",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/623241"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7066.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#835409",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/835409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#835409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/835409"
}
]
}
}

170
2014/7xxx/CVE-2014-7216.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name" : "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name" : "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
},
{
"name" : "https://hackerone.com/reports/10767",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/10767"
},
{
"name" : "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource" : "MISC",
"url" : "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name" : "1033544",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}

140
2014/7xxx/CVE-2014-7313.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The One You Fitness (aka com.app_oneyou.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#831977",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/831977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The One You Fitness (aka com.app_oneyou.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#831977",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/831977"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

170
2014/7xxx/CVE-2014-7868.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533946/100/0/threaded"
},
{
"name" : "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/21"
},
{
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt"
},
{
"name" : "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html"
},
{
"name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix",
"refsource" : "CONFIRM",
"url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix"
},
{
"name" : "71002",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71002"
},
{
"name": "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/21"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt"
},
{
"name": "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533946/100/0/threaded"
},
{
"name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix",
"refsource": "CONFIRM",
"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix"
},
{
"name": "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html"
}
]
}
}

150
2017/0xxx/CVE-2017-0022.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "XML Core Services",
"version" : {
"version_data" : [
{
"version_value" : "XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka \"Microsoft XML Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XML Core Services",
"version": {
"version_data": [
{
"version_value": "XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html",
"refsource" : "MISC",
"url" : "https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022"
},
{
"name" : "96069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96069"
},
{
"name" : "1038014",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka \"Microsoft XML Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96069"
},
{
"name": "https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022"
},
{
"name": "1038014",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038014"
}
]
}
}

140
2017/0xxx/CVE-2017-0069.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Edge",
"version" : {
"version_data" : [
{
"version_value" : "Edge"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka \"Microsoft Edge Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Spoofing"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0069",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0069"
},
{
"name" : "96650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96650"
},
{
"name" : "1038006",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka \"Microsoft Edge Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0069",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0069"
},
{
"name": "96650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96650"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}

140
2017/0xxx/CVE-2017-0107.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "SharePoint Server"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SharePoint",
"version": {
"version_data": [
{
"version_value": "SharePoint Server"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107"
},
{
"name" : "96748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96748"
},
{
"name" : "1038019",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107"
},
{
"name": "1038019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038019"
},
{
"name": "96748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96748"
}
]
}
}

140
2017/0xxx/CVE-2017-0522.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. References: M-ALPS03032516."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96798"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. References: M-ALPS03032516."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96798"
}
]
}
}

146
2017/0xxx/CVE-2017-0586.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97357"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97357"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

158
2017/0xxx/CVE-2017-0926.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2017-0926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GitLab Community and Enterprise Editions",
"version" : {
"version_data" : [
{
"version_value" : "9.1.0 - 10.0.5 Fixed in 10.0.5"
},
{
"version_value" : "10.1.0 - 10.1.5 Fixed in 10.1.6"
},
{
"version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
}
]
},
"vendor_name" : "GitLab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization (CWE-285)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2017-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Community and Enterprise Editions",
"version": {
"version_data": [
{
"version_value": "9.1.0 - 10.0.5 Fixed in 10.0.5"
},
{
"version_value": "10.1.0 - 10.1.5 Fixed in 10.1.6"
},
{
"version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6"
},
{
"version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource" : "CONFIRM",
"url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
},
{
"name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198"
},
{
"name" : "DSA-4145",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4145",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4145"
},
{
"name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198"
}
]
}
}

134
2017/1000xxx/CVE-2017-1000199.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.425439",
"ID" : "CVE-2017-1000199",
"REQUESTER" : "mgerstner@suse.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "tcmu-runner",
"version" : {
"version_data" : [
{
"version_value" : "0.9.1 to 1.2.0"
}
]
}
}
]
},
"vendor_name" : "https://github.com/open-iscsi/tcmu-runner"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.425439",
"ID": "CVE-2017-1000199",
"REQUESTER": "mgerstner@suse.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/open-iscsi/tcmu-runner/issues/194",
"refsource" : "MISC",
"url" : "https://github.com/open-iscsi/tcmu-runner/issues/194"
},
{
"name" : "RHSA-2017:3277",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3277"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3277",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3277"
},
{
"name": "https://github.com/open-iscsi/tcmu-runner/issues/194",
"refsource": "MISC",
"url": "https://github.com/open-iscsi/tcmu-runner/issues/194"
}
]
}
}

130
2017/18xxx/CVE-2017-18308.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control in Core Services"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "1041432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041432"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control in Core Services"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}

34
2017/18xxx/CVE-2017-18335.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18335",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18335",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/18xxx/CVE-2017-18337.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18337",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18337",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1009.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1009",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1009",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1043.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1043",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1043",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

176
2017/1xxx/CVE-2017-1134.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tivoli System Automation for Multiplatforms",
"version" : {
"version_data" : [
{
"version_value" : "3.1"
},
{
"version_value" : "3.2"
},
{
"version_value" : "3.2.1"
},
{
"version_value" : "3.2.2"
},
{
"version_value" : "2.2"
},
{
"version_value" : "2.3"
},
{
"version_value" : "4.1"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli System Automation for Multiplatforms",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "3.2"
},
{
"version_value": "3.2.1"
},
{
"version_value": "3.2.2"
},
{
"version_value": "2.2"
},
{
"version_value": "2.3"
},
{
"version_value": "4.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21998459",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"name" : "96764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96764"
},
{
"name" : "1038389",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038389"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96764"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998459",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998459"
},
{
"name": "1038389",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038389"
}
]
}
}

34
2017/1xxx/CVE-2017-1882.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1882",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1882",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/5xxx/CVE-2017-5309.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5309",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5309",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/5xxx/CVE-2017-5595.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/bugtraq/2017/Feb/6",
"refsource" : "MISC",
"url" : "http://seclists.org/bugtraq/2017/Feb/6"
},
{
"name" : "http://seclists.org/fulldisclosure/2017/Feb/11",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Feb/11"
},
{
"name" : "https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3",
"refsource" : "MISC",
"url" : "https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3"
},
{
"name" : "96125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/11",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/11"
},
{
"name": "96125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96125"
},
{
"name": "https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3",
"refsource": "MISC",
"url": "https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3"
},
{
"name": "http://seclists.org/bugtraq/2017/Feb/6",
"refsource": "MISC",
"url": "http://seclists.org/bugtraq/2017/Feb/6"
}
]
}
}

180
2017/5xxx/CVE-2017-5896.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170206 mupdf: heap-based buffer overflow in fz_subsample_pixmap",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/06/3"
},
{
"name" : "[oss-security] 20170207 Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/07/1"
},
{
"name" : "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697515",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697515"
},
{
"name" : "DSA-3797",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3797"
},
{
"name" : "GLSA-201702-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-12"
},
{
"name" : "96139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170207 Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/1"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697515",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697515"
},
{
"name": "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27"
},
{
"name": "DSA-3797",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3797"
},
{
"name": "96139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96139"
},
{
"name": "[oss-security] 20170206 mupdf: heap-based buffer overflow in fz_subsample_pixmap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/06/3"
},
{
"name": "GLSA-201702-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-12"
}
]
}
}

200
2017/5xxx/CVE-2017-5898.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a",
"refsource" : "CONFIRM",
"url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1419699",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name" : "GLSA-201702-28",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-28"
},
{
"name" : "RHSA-2017:1856",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1856"
},
{
"name" : "RHSA-2017:2392",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name" : "SUSE-SU-2017:0570",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name" : "SUSE-SU-2017:0582",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name" : "96112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2017:0582",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96112"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
]
}
}