admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:32:08 +00:00
parent d0125c551d
commit b15be7e377
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4995 additions and 4995 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2006/2xxx/CVE-2006-2151.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2151",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2151",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "1722",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1722"
"name": "toplist-toplist-list-file-include(26172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26172"
},
{
"name" : "1724",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1724"
"name": "25260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25260"
},
{
"name" : "ADV-2006-1601",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1601"
"name": "1724",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1724"
},
{
"name" : "25260",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25260"
"name": "ADV-2006-1601",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1601"
},
{
"name" : "19884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19884"
"name": "1722",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1722"
},
{
"name" : "toplist-toplist-list-file-include(26172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26172"
"name": "19884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19884"
}
]
}

92
2006/2xxx/CVE-2006-2289.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2289",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2289",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors."
"lang": "eng",
"value": "Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi",
"refsource" : "CONFIRM",
"url" : "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi"
"name": "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi",
"refsource": "CONFIRM",
"url": "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi"
},
{
"name" : "SUSE-SR:2006:011",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_19.html"
"name": "20022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20022"
},
{
"name" : "17884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17884"
"name": "17884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17884"
},
{
"name" : "20022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20022"
"name": "avahi-core-bo(26331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26331"
},
{
"name" : "20215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20215"
"name": "SUSE-SR:2006:011",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name" : "avahi-core-bo(26331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26331"
"name": "20215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20215"
}
]
}

86
2006/2xxx/CVE-2006-2539.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2539",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2539",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component."
"lang": "eng",
"value": "Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.sybase.com/detail?id=1040665",
"refsource" : "CONFIRM",
"url" : "http://www.sybase.com/detail?id=1040665"
"name": "20145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20145"
},
{
"name" : "18036",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18036"
"name": "sybase-easerver-jpasswordfield-obtain-info(26567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26567"
},
{
"name" : "ADV-2006-1869",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1869"
"name": "ADV-2006-1869",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1869"
},
{
"name" : "20145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20145"
"name": "http://www.sybase.com/detail?id=1040665",
"refsource": "CONFIRM",
"url": "http://www.sybase.com/detail?id=1040665"
},
{
"name" : "sybase-easerver-jpasswordfield-obtain-info(26567)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26567"
"name": "18036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18036"
}
]
}

92
2006/2xxx/CVE-2006-2666.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2666",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2666",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "1827",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1827"
"name": "20297",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20297"
},
{
"name" : "30164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30164"
"name": "30164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30164"
},
{
"name" : "ADV-2006-1989",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1989"
"name": "1827",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1827"
},
{
"name" : "1016160",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016160"
"name": "vwebmail-pop3-file-include(26694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26694"
},
{
"name" : "20297",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20297"
"name": "ADV-2006-1989",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1989"
},
{
"name" : "vwebmail-pop3-file-include(26694)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26694"
"name": "1016160",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016160"
}
]
}

92
2006/2xxx/CVE-2006-2879.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2879",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2879",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
"lang": "eng",
"value": "SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060605 ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435988"
"name": "alexnews-newscomments-sql-injection(26946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26946"
},
{
"name" : "18274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18274"
"name": "20469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20469"
},
{
"name" : "ADV-2006-2151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2151"
"name": "20060605 ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435988"
},
{
"name" : "20469",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20469"
"name": "ADV-2006-2151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2151"
},
{
"name" : "1057",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1057"
"name": "18274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18274"
},
{
"name" : "alexnews-newscomments-sql-injection(26946)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26946"
"name": "1057",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1057"
}
]
}

86
2006/2xxx/CVE-2006-2961.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2961",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2961",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
"lang": "eng",
"value": "Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18586",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18586"
"name": "cesarftp-mkd-bo(27071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27071"
},
{
"name" : "ADV-2006-2287",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2287"
"name": "18586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18586"
},
{
"name" : "26364",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26364"
"name": "26364",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26364"
},
{
"name" : "20574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20574"
"name": "20574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20574"
},
{
"name" : "cesarftp-mkd-bo(27071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27071"
"name": "ADV-2006-2287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2287"
}
]
}

80
2006/3xxx/CVE-2006-3575.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3575",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3575",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields."
"lang": "eng",
"value": "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
"name": "1016450",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016450"
},
{
"name" : "1016450",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016450"
"name": "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded"
},
{
"name" : "1216",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1216"
"name": "1216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1216"
},
{
"name" : "mcafee-virusscan-boprotection-dos(27625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
"name": "mcafee-virusscan-boprotection-dos(27625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625"
}
]
}

110
2006/3xxx/CVE-2006-3639.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3639",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3639",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS06-042",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
"name": "1016663",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016663"
},
{
"name" : "TA06-220A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
"name": "MS06-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"
},
{
"name" : "VU#252764",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/252764"
"name": "21396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21396"
},
{
"name" : "19400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19400"
"name": "27851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27851"
},
{
"name" : "ADV-2006-3212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3212"
"name": "ADV-2006-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3212"
},
{
"name" : "27851",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27851"
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name" : "oval:org.mitre.oval:def:577",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
"name": "VU#252764",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/252764"
},
{
"name" : "1016663",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016663"
"name": "19400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19400"
},
{
"name" : "21396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21396"
"name": "oval:org.mitre.oval:def:577",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577"
}
]
}

248
2006/3xxx/CVE-2006-3771.json
View File

@ -1,216 +1,216 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3771",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3771",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files."
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060720 [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440642/100/0/threaded"
"name": "28652",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28652"
},
{
"name" : "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt"
"name": "28665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28665"
},
{
"name" : "2046",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2046"
"name": "28661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28661"
},
{
"name" : "19090",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19090"
"name": "20060720 [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440642/100/0/threaded"
},
{
"name" : "28647",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28647"
"name": "28654",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28654"
},
{
"name" : "28652",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28652"
"name": "28670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28670"
},
{
"name" : "28653",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28653"
"name": "28653",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28653"
},
{
"name" : "28656",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28656"
"name": "19090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19090"
},
{
"name" : "28657",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28657"
"name": "28655",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28655"
},
{
"name" : "28658",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28658"
"name": "28663",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28663"
},
{
"name" : "28659",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28659"
"name": "28660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28660"
},
{
"name" : "28660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28660"
"name": "28651",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28651"
},
{
"name" : "28661",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28661"
"name": "28648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28648"
},
{
"name" : "28662",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28662"
"name": "28671",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28671"
},
{
"name" : "28663",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28663"
"name": "28649",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28649"
},
{
"name" : "28664",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28664"
"name": "1016551",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016551"
},
{
"name" : "28665",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28665"
"name": "28669",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28669"
},
{
"name" : "28666",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28666"
"name": "28656",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28656"
},
{
"name" : "28667",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28667"
"name": "28664",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28664"
},
{
"name" : "28668",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28668"
"name": "28647",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28647"
},
{
"name" : "28669",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28669"
"name": "28658",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28658"
},
{
"name" : "28670",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28670"
"name": "28668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28668"
},
{
"name" : "28671",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28671"
"name": "28662",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28662"
},
{
"name" : "28648",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28648"
"name": "1265",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1265"
},
{
"name" : "28649",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28649"
"name": "imanagecms-absolutepath-file-include(27875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27875"
},
{
"name" : "28650",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28650"
"name": "2046",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2046"
},
{
"name" : "28651",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28651"
"name": "28659",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28659"
},
{
"name" : "28654",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28654"
"name": "28650",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28650"
},
{
"name" : "28655",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28655"
"name": "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt"
},
{
"name" : "1016551",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016551"
"name": "28667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28667"
},
{
"name" : "1265",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1265"
"name": "28657",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28657"
},
{
"name" : "imanagecms-absolutepath-file-include(27875)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27875"
"name": "28666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28666"
}
]
}

476
2006/3xxx/CVE-2006-3807.json
View File

@ -1,406 +1,406 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3807",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3807",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling \"named JavaScript functions\" that use the constructor."
"lang": "eng",
"value": "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling \"named JavaScript functions\" that use the constructor."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060727 rPSA-2006-0137-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
"name": "DSA-1161",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1161"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html"
"name": "21243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21243"
},
{
"name" : "https://issues.rpath.com/browse/RPL-536",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-536"
"name": "RHSA-2006:0608",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-537",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-537"
"name": "DSA-1160",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1160"
},
{
"name" : "DSA-1159",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1159"
"name": "GLSA-200608-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name" : "DSA-1160",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1160"
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name" : "DSA-1161",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1161"
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "GLSA-200608-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml"
"name": "19181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19181"
},
{
"name" : "GLSA-200608-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml"
"name": "TA06-208A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html"
},
{
"name" : "GLSA-200608-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
"name": "22055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22055"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name": "ADV-2006-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name": "USN-361-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name": "20060727 rPSA-2006-0137-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name": "mozilla-js-constructor-code-execution(27988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27988"
},
{
"name" : "MDKSA-2006:143",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
"name": "21529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21529"
},
{
"name" : "MDKSA-2006:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
"name": "21216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21216"
},
{
"name" : "MDKSA-2006:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
"name": "GLSA-200608-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name" : "RHSA-2006:0608",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
"name": "ADV-2007-0058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0058"
},
{
"name" : "RHSA-2006:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name" : "RHSA-2006:0611",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
"name": "21336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21336"
},
{
"name" : "RHSA-2006:0609",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "RHSA-2006:0594",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name" : "20060703-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
"name": "21654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21654"
},
{
"name" : "102763",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1"
"name": "1016588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016588"
},
{
"name" : "SUSE-SA:2006:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
"name": "USN-329-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/329-1/"
},
{
"name" : "USN-327-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/327-1/"
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name" : "USN-329-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/329-1/"
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name" : "USN-350-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-350-1"
"name": "22210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22210"
},
{
"name" : "USN-354-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-354-1"
"name": "21634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21634"
},
{
"name" : "USN-361-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-361-1"
"name": "21607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21607"
},
{
"name" : "TA06-208A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html"
"name": "1016586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016586"
},
{
"name" : "VU#687396",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/687396"
"name": "19873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19873"
},
{
"name" : "19181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19181"
"name": "21262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21262"
},
{
"name" : "oval:org.mitre.oval:def:10374",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374"
"name": "21532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21532"
},
{
"name" : "ADV-2006-2998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2998"
"name": "21270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21270"
},
{
"name" : "ADV-2007-0058",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0058"
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
"name": "USN-327-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/327-1/"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
"name": "21361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21361"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
"name": "VU#687396",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/687396"
},
{
"name" : "1016586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016586"
"name": "21631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21631"
},
{
"name" : "1016587",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016587"
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "1016588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016588"
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "19873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19873"
"name": "21275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21275"
},
{
"name" : "21216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21216"
"name": "21246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21246"
},
{
"name" : "21228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21228"
"name": "SUSE-SA:2006:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name" : "21229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21229"
"name": "21229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21229"
},
{
"name" : "21246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21246"
"name": "21675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21675"
},
{
"name" : "21243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21243"
"name": "1016587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016587"
},
{
"name" : "21269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21269"
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "21270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21270"
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name" : "21275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21275"
"name": "21228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21228"
},
{
"name" : "21336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21336"
"name": "21250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21250"
},
{
"name" : "21358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21358"
"name": "USN-350-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name" : "21361",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21361"
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "21250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21250"
"name": "22342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22342"
},
{
"name" : "21262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21262"
"name": "102763",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1"
},
{
"name" : "21343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21343"
"name": "21358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21358"
},
{
"name" : "21529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21529"
"name": "https://issues.rpath.com/browse/RPL-536",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-536"
},
{
"name" : "21532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21532"
"name": "https://issues.rpath.com/browse/RPL-537",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-537"
},
{
"name" : "21607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21607"
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name" : "21631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21631"
"name": "21269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21269"
},
{
"name" : "21654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21654"
"name": "GLSA-200608-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name" : "21634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21634"
"name": "21343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21343"
},
{
"name" : "21675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21675"
"name": "oval:org.mitre.oval:def:10374",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374"
},
{
"name" : "22055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22055"
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name" : "22210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22210"
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html"
},
{
"name" : "22342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22342"
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
"name": "USN-354-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name" : "mozilla-js-constructor-code-execution(27988)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27988"
"name": "DSA-1159",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1159"
}
]
}

110
2006/3xxx/CVE-2006-3849.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3849",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3849",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c."
"lang": "eng",
"value": "Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060723 Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441039/100/0/threaded"
"name": "http://aluigi.altervista.org/adv/warzonebof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/warzonebof-adv.txt"
},
{
"name" : "http://aluigi.altervista.org/adv/warzonebof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/warzonebof-adv.txt"
"name": "warzone-recvtextmessage-bo(27910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27910"
},
{
"name" : "GLSA-200608-16",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-16.xml"
"name": "ADV-2006-2943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2943"
},
{
"name" : "19118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19118"
"name": "20060723 Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441039/100/0/threaded"
},
{
"name" : "ADV-2006-2943",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2943"
"name": "1283",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1283"
},
{
"name" : "21474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21474"
"name": "21474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21474"
},
{
"name" : "1283",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1283"
"name": "warzone-netrecvfile-bo(27915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27915"
},
{
"name" : "warzone-netrecvfile-bo(27915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27915"
"name": "19118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19118"
},
{
"name" : "warzone-recvtextmessage-bo(27910)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27910"
"name": "GLSA-200608-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-16.xml"
}
]
}

62
2006/6xxx/CVE-2006-6668.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6668",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6668",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "ADV-2006-5059",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5059"
"name": "ADV-2006-5059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5059"
}
]
}

74
2006/6xxx/CVE-2006-6818.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6818",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6818",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config."
"lang": "eng",
"value": "AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061227 Host directory full disclosure and input error",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455352/100/0/threaded"
"name": "21787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21787"
},
{
"name" : "21787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21787"
"name": "host-directory-admin-security-bypass(31123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31123"
},
{
"name" : "host-directory-admin-security-bypass(31123)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31123"
"name": "20061227 Host directory full disclosure and input error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455352/100/0/threaded"
}
]
}

68
2006/6xxx/CVE-2006-6996.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6996",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6996",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "19697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19697"
"name": "19697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19697"
},
{
"name" : "warforgenews-multiple-xss(25901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25901"
"name": "warforgenews-multiple-xss(25901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25901"
}
]
}

86
2006/7xxx/CVE-2006-7082.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7082",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7082",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php."
"lang": "eng",
"value": "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060719 Multiple Vulnerabilities RPS",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"
"name": "28637",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28637"
},
{
"name" : "28637",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28637"
"name": "20060719 Multiple Vulnerabilities RPS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"
},
{
"name" : "28638",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28638"
"name": "rps-images-files-file-upload(27873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27873"
},
{
"name" : "2322",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2322"
"name": "28638",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28638"
},
{
"name" : "rps-images-files-file-upload(27873)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27873"
"name": "2322",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2322"
}
]
}

22
2011/0xxx/CVE-2011-0044.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0044",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-0044",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}

128
2011/0xxx/CVE-2011-0276.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0276",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0276",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a \"hidden account\" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class."
"lang": "eng",
"value": "HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a \"hidden account\" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110131 ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516093/100/0/threaded"
"name": "70754",
"refsource": "OSVDB",
"url": "http://osvdb.org/70754"
},
{
"name" : "16984",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16984"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-034",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-034"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-034",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-034"
"name": "SSRT090246",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453"
},
{
"name" : "HPSBMA02627",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453"
"name": "20110131 ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516093/100/0/threaded"
},
{
"name" : "SSRT090246",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453"
"name": "HPSBMA02627",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453"
},
{
"name" : "46079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46079"
"name": "8136",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8136"
},
{
"name" : "70754",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70754"
"name": "16984",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16984"
},
{
"name" : "1025014",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025014"
"name": "1025014",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025014"
},
{
"name" : "43145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43145"
"name": "openview-dopost-code-execution(65038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65038"
},
{
"name" : "8136",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8136"
"name": "43145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43145"
},
{
"name" : "ADV-2011-0258",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0258"
"name": "ADV-2011-0258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0258"
},
{
"name" : "openview-dopost-code-execution(65038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65038"
"name": "46079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46079"
}
]
}

86
2011/0xxx/CVE-2011-0543.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0543",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0543",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack."
"lang": "eng",
"value": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110201 CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/02/2"
"name": "[oss-security] 20110201 CVE request: fuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"
},
{
"name" : "[oss-security] 20110203 Re: CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/03/5"
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "[oss-security] 20110208 Re: CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/08/4"
"name": "[oss-security] 20110203 Re: CVE request: fuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"
},
{
"name" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47",
"refsource" : "CONFIRM",
"url" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47"
"name": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47",
"refsource": "CONFIRM",
"url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
"name": "[oss-security] 20110208 Re: CVE request: fuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"
}
]
}

110
2011/0xxx/CVE-2011-0712.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0712",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0712",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c."
"lang": "eng",
"value": "Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/16/11"
"name": "USN-1146-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name" : "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/16/12"
"name": "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/16/11"
},
{
"name" : "[oss-security] 20110216 kernel: ALSA: caiaq - Fix possible string-buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/16/5"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=677881",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=677881"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581"
"name": "kernel-usbdevice-bo(65461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65461"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2"
"name": "46419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46419"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=677881",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=677881"
"name": "[oss-security] 20110216 kernel: ALSA: caiaq - Fix possible string-buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/16/5"
},
{
"name" : "USN-1146-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1146-1"
"name": "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581"
},
{
"name" : "46419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46419"
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2"
},
{
"name" : "kernel-usbdevice-bo(65461)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65461"
"name": "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/16/12"
}
]
}

68
2011/1xxx/CVE-2011-1251.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1251",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1251",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"DOM Manipulation Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"DOM Manipulation Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS11-050",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
"name": "oval:org.mitre.oval:def:12326",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12326"
},
{
"name" : "oval:org.mitre.oval:def:12326",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12326"
"name": "MS11-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
}
]
}

176
2011/1xxx/CVE-2011-1677.json
View File

@ -1,156 +1,156 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1677",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1677",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors."
"lang": "eng",
"value": "mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/11"
"name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/5"
},
{
"name" : "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/9"
"name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/9"
},
{
"name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/10"
"name": "utillinux-mount-unspecified(66703)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66703"
},
{
"name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/12"
"name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/22/6"
},
{
"name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/3"
"name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/22/4"
},
{
"name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/7"
"name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/7"
},
{
"name" : "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/07/9"
"name": "48114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48114"
},
{
"name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/5"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=688980",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980"
},
{
"name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/7"
"name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/9"
},
{
"name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/16"
"name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/01/2"
},
{
"name" : "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/15/6"
"name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/10"
},
{
"name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/22/4"
"name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/16"
},
{
"name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/22/6"
"name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/31/4"
},
{
"name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/31/3"
"name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/12"
},
{
"name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/31/4"
"name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/7"
},
{
"name" : "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/01/2"
"name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/11"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980"
"name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/3"
},
{
"name" : "RHSA-2011:1691",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1691.html"
"name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/31/3"
},
{
"name" : "48114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48114"
"name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/15/6"
},
{
"name" : "utillinux-mount-unspecified(66703)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66703"
"name": "RHSA-2011:1691",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1691.html"
}
]
}

122
2011/1xxx/CVE-2011-1797.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1797",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-1797",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
"name": "DSA-2245",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2245"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "http://crbug.com/79075",
"refsource" : "CONFIRM",
"url" : "http://crbug.com/79075"
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "http://launchpad.net/bugs/778822",
"refsource" : "CONFIRM",
"url" : "http://launchpad.net/bugs/778822"
"name": "http://trac.webkit.org/changeset/85355",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/85355"
},
{
"name" : "http://trac.webkit.org/changeset/85355",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/85355"
"name": "http://crbug.com/79075",
"refsource": "CONFIRM",
"url": "http://crbug.com/79075"
},
{
"name" : "http://trac.webkit.org/changeset/86781",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/86781"
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
"name": "http://trac.webkit.org/changeset/86781",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/86781"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "DSA-2245",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2245"
"name": "http://launchpad.net/bugs/778822",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/778822"
}
]
}

86
2011/1xxx/CVE-2011-1850.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1850",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1850",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action."
"lang": "eng",
"value": "Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-162/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-162/"
"name": "HPSBGN02680",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
},
{
"name" : "HPSBGN02680",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
"name": "1025519",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025519"
},
{
"name" : "SSRT100361",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
"name": "SSRT100361",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
},
{
"name" : "47789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47789"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-162/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-162/"
},
{
"name" : "1025519",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025519"
"name": "47789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47789"
}
]
}

152
2011/3xxx/CVE-2011-3207.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3207",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3207",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past."
"lang": "eng",
"value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cvs.openssl.org/chngview?cn=21349",
"refsource" : "CONFIRM",
"url" : "http://cvs.openssl.org/chngview?cn=21349"
"name": "HPSBMU02752",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"
},
{
"name" : "http://openssl.org/news/secadv_20110906.txt",
"refsource" : "CONFIRM",
"url" : "http://openssl.org/news/secadv_20110906.txt"
"name": "SSRT100802",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=736087",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=736087"
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name" : "http://support.apple.com/kb/HT5784",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5784"
"name": "FEDORA-2012-18035",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
"name": "FEDORA-2011-12233",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html"
},
{
"name" : "APPLE-SA-2013-06-04-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
"name": "http://cvs.openssl.org/chngview?cn=21349",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=21349"
},
{
"name" : "FEDORA-2011-12233",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html"
"name": "45956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45956"
},
{
"name" : "FEDORA-2011-12281",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html"
"name": "MDVSA-2011:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
},
{
"name" : "FEDORA-2012-18035",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
"name": "FEDORA-2011-12281",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html"
},
{
"name" : "HPSBMU02752",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133226187115472&w=2"
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name" : "SSRT100802",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133226187115472&w=2"
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name" : "MDVSA-2011:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=736087",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087"
},
{
"name" : "RHSA-2011:1409",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1409.html"
"name": "1026012",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026012"
},
{
"name" : "1026012",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026012"
"name": "http://openssl.org/news/secadv_20110906.txt",
"refsource": "CONFIRM",
"url": "http://openssl.org/news/secadv_20110906.txt"
},
{
"name" : "45956",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45956"
"name": "57353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57353"
},
{
"name" : "57353",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57353"
"name": "RHSA-2011:1409",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html"
}
]
}

68
2011/3xxx/CVE-2011-3501.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3501",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3501",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value."
"lang": "eng",
"value": "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://aluigi.altervista.org/adv/cogent_3-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
"name": "http://aluigi.altervista.org/adv/cogent_3-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
]
}

22
2011/3xxx/CVE-2011-3662.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3662",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3662",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2011/3xxx/CVE-2011-3705.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3705",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3705",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files."
"lang": "eng",
"value": "Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4"
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}

68
2011/3xxx/CVE-2011-3998.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3998",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3998",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#37223351",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN37223351/index.html"
"name": "JVN#37223351",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN37223351/index.html"
},
{
"name" : "JVNDB-2011-000097",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000097"
"name": "JVNDB-2011-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000097"
}
]
}

74
2011/4xxx/CVE-2011-4045.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4045",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4045",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document."
"lang": "eng",
"value": "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf"
},
{
"name" : "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257",
"refsource" : "CONFIRM",
"url" : "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257"
"name": "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257",
"refsource": "CONFIRM",
"url": "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257"
},
{
"name" : "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440",
"refsource" : "CONFIRM",
"url" : "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440"
"name": "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440",
"refsource": "CONFIRM",
"url": "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440"
}
]
}

80
2011/4xxx/CVE-2011-4371.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4371",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-4371",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
"lang": "eng",
"value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
"name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html"
},
{
"name" : "51351",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51351"
"name": "51351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51351"
},
{
"name" : "oval:org.mitre.oval:def:14809",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14809"
"name": "oval:org.mitre.oval:def:14809",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14809"
},
{
"name" : "1026496",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026496"
"name": "1026496",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026496"
}
]
}

68
2011/4xxx/CVE-2011-4512.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4512",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4512",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
"lang": "eng",
"value": "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}

86
2011/4xxx/CVE-2011-4789.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4789",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4789",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that \"the vulnerable product is actually HP LoadRunner.\""
"lang": "eng",
"value": "Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that \"the vulnerable product is actually HP LoadRunner.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-12-016/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-12-016/"
"name": "78309",
"refsource": "OSVDB",
"url": "http://osvdb.org/78309"
},
{
"name" : "HPSBMU02785",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705"
"name": "http://zerodayinitiative.com/advisories/ZDI-12-016/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-12-016/"
},
{
"name" : "SSRT100526",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705"
"name": "51398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51398"
},
{
"name" : "51398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51398"
"name": "SSRT100526",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705"
},
{
"name" : "78309",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78309"
"name": "HPSBMU02785",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705"
}
]
}

128
2011/4xxx/CVE-2011-4940.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4940",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4940",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding."
"lang": "eng",
"value": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.python.org/issue11442",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue11442"
"name": "USN-1592-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1592-1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=803500",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
"name": "JVN#51176027",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51176027/index.html"
},
{
"name" : "USN-1596-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1596-1"
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
},
{
"name" : "USN-1613-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-2"
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
},
{
"name" : "USN-1592-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1592-1"
"name": "http://bugs.python.org/issue11442",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue11442"
},
{
"name" : "USN-1613-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-1"
"name": "54083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54083"
},
{
"name" : "JVN#51176027",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN51176027/index.html"
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name" : "JVNDB-2012-000063",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name" : "54083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54083"
"name": "JVNDB-2012-000063",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
},
{
"name" : "50858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50858"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=803500",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
},
{
"name" : "51024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51024"
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name" : "51040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51040"
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
}
]
}

74
2013/5xxx/CVE-2013-5533.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5533",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5533",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334."
"lang": "eng",
"value": "The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131010 Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533"
"name": "20131010 Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533"
},
{
"name" : "62943",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62943"
"name": "62943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62943"
},
{
"name" : "98337",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98337"
"name": "98337",
"refsource": "OSVDB",
"url": "http://osvdb.org/98337"
}
]
}

22
2013/5xxx/CVE-2013-5632.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5632",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5632",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}

128
2013/5xxx/CVE-2013-5855.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5855",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5855",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors."
"lang": "eng",
"value": "Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
"name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU",
"refsource": "MISC",
"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU"
},
{
"name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU",
"refsource" : "MISC",
"url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU"
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "https://java.net/jira/browse/JAVASERVERFACES-3150",
"refsource" : "CONFIRM",
"url" : "https://java.net/jira/browse/JAVASERVERFACES-3150"
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name" : "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258",
"refsource" : "CONFIRM",
"url" : "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258"
"name": "65600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65600"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
"name": "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258",
"refsource": "CONFIRM",
"url": "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "RHSA-2015:0720",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "RHSA-2015:0765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
"name": "https://java.net/jira/browse/JAVASERVERFACES-3150",
"refsource": "CONFIRM",
"url": "https://java.net/jira/browse/JAVASERVERFACES-3150"
},
{
"name" : "65600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65600"
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
}
]
}

86
2013/5xxx/CVE-2013-5970.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5970",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5970",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic."
"lang": "eng",
"value": "hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2013-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
"name": "vmware-esxi-cve20135970-dos(88135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88135"
},
{
"name" : "63216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/63216"
"name": "63216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63216"
},
{
"name" : "98719",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98719"
"name": "1029206",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029206"
},
{
"name" : "1029206",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029206"
"name": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html"
},
{
"name" : "vmware-esxi-cve20135970-dos(88135)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88135"
"name": "98719",
"refsource": "OSVDB",
"url": "http://osvdb.org/98719"
}
]
}

92
2014/2xxx/CVE-2014-2277.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2277",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2277",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function."
"lang": "eng",
"value": "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140308 Re: possible CVE requests: perltidy insecure temporary file usage",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/09/1"
"name": "FEDORA-2014-3874",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1074720",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1074720"
"name": "perltidy-cve20142277-symlink(92104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92104"
},
{
"name" : "FEDORA-2014-3874",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html"
"name": "66139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66139"
},
{
"name" : "FEDORA-2014-3891",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html"
"name": "FEDORA-2014-3891",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html"
},
{
"name" : "66139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66139"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1074720",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074720"
},
{
"name" : "perltidy-cve20142277-symlink(92104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92104"
"name": "[oss-security] 20140308 Re: possible CVE requests: perltidy insecure temporary file usage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/09/1"
}
]
}

86
2014/2xxx/CVE-2014-2664.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2664",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2664",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://karmainsecurity.com/KIS-2014-04",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-04"
"name": "x2crm-cve20142664-file-upload(92169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92169"
},
{
"name" : "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4",
"refsource" : "MISC",
"url" : "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4"
"name": "57315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57315"
},
{
"name" : "66506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66506/discuss"
"name": "66506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66506/discuss"
},
{
"name" : "57315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57315"
"name": "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4"
},
{
"name" : "x2crm-cve20142664-file-upload(92169)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92169"
"name": "http://karmainsecurity.com/KIS-2014-04",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-04"
}
]
}

68
2014/2xxx/CVE-2014-2903.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2903",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2903",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake."
"lang": "eng",
"value": "CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2"
"name": "62604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62604"
},
{
"name" : "62604",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62604"
"name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/2"
}
]
}

74
2014/2xxx/CVE-2014-2946.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2946",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2946",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html",
"refsource" : "MISC",
"url" : "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html"
"name": "VU#325636",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/325636"
},
{
"name" : "VU#325636",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/325636"
"name": "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html",
"refsource": "MISC",
"url": "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html"
},
{
"name" : "58992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58992"
"name": "58992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58992"
}
]
}

74
2014/6xxx/CVE-2014-6010.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6010",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6010",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#958169",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/958169"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#958169",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/958169"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

22
2014/6xxx/CVE-2014-6372.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6372",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-6372",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}

74
2014/7xxx/CVE-2014-7457.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7457",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7457",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#382737",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/382737"
},
{
"name" : "VU#382737",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/382737"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2014/7xxx/CVE-2014-7575.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7575",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7575",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#223017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/223017"
},
{
"name" : "VU#223017",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/223017"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

74
2017/0xxx/CVE-2017-0066.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0066",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0066",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Edge",
"version" : {
"version_data" : [
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value" : "Edge"
"version_value": "Edge"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140."
"lang": "eng",
"value": "Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066"
},
{
"name" : "96655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96655"
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
},
{
"name" : "1038006",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038006"
"name": "96655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96655"
}
]
}

80
2017/0xxx/CVE-2017-0165.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0165",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0165",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows",
"version" : {
"version_data" : [
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value" : "Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2"
"version_value": "Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka \"Windows Elevation of Privilege Vulnerability.\""
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka \"Windows Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "41901",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41901/"
"name": "41901",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41901/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165"
},
{
"name" : "97467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97467"
"name": "1038239",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038239"
},
{
"name" : "1038239",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038239"
"name": "97467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97467"
}
]
}

22
2017/0xxx/CVE-2017-0232.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0232",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0232",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

96
2017/0xxx/CVE-2017-0540.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0540",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0540",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Android-5.0.2"
"version_value": "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
"version_value": "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
"version_value": "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
"version_value": "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
"version_value": "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031."
"lang": "eng",
"value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote code execution"
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853"
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
"name": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853"
},
{
"name" : "97330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97330"
"name": "97330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97330"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}

22
2017/0xxx/CVE-2017-0955.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0955",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0955",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

66
2017/1000xxx/CVE-2017-1000107.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.321581",
"ID" : "CVE-2017-1000107",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.321581",
"ID": "CVE-2017-1000107",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Jenkins Script Security Plugin",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "1.30 and earlier"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Jenkins Script Security Plugin"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection."
"lang": "eng",
"value": "Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Sandbox Bypass"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jenkins.io/security/advisory/2017-08-07/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-08-07/"
"name": "https://jenkins.io/security/advisory/2017-08-07/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-08-07/"
}
]
}

66
2017/1000xxx/CVE-2017-1000156.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.368829",
"ID" : "CVE-2017-1000156",
"REQUESTER" : "info@mahara.org",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.368829",
"ID": "CVE-2017-1000156",
"REQUESTER": "info@mahara.org",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Mahara",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "<15.04.9, <15.10.5, <16.04.3"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Mahara"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role."
"lang": "eng",
"value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1609200",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/mahara/+bug/1609200"
"name": "https://bugs.launchpad.net/mahara/+bug/1609200",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/mahara/+bug/1609200"
}
]
}

70
2017/18xxx/CVE-2017-18138.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-18138",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-18138",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850"
"version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur."
"lang": "eng",
"value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in GERAN"
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in GERAN"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}

74
2017/18xxx/CVE-2017-18294.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18294",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18294",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
"product_name": "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value" : "FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20"
"version_value": "FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20."
"lang": "eng",
"value": "While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Improper Input Validation in QSEECOM Driver"
"lang": "eng",
"value": "Improper Input Validation in QSEECOM Driver"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name" : "1041432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041432"
"name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
}
]
}

22
2017/1xxx/CVE-2017-1243.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1243",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1243",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2017/1xxx/CVE-2017-1373.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-17T00:00:00",
"ID" : "CVE-2017-1373",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-1373",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "TRIRIGA Application Platform",
"version" : {
"version_data" : [
"product_name": "TRIRIGA Application Platform",
"version": {
"version_data": [
{
"version_value" : "3.3"
"version_value": "3.3"
},
{
"version_value" : "3.3.1"
"version_value": "3.3.1"
},
{
"version_value" : "3.3.2"
"version_value": "3.3.2"
},
{
"version_value" : "3.4"
"version_value": "3.4"
},
{
"version_value" : "3.4.1"
"version_value": "3.4.1"
},
{
"version_value" : "3.4.2"
"version_value": "3.4.2"
},
{
"version_value" : "3.5"
"version_value": "3.5"
},
{
"version_value" : "3.5.1"
"version_value": "3.5.1"
},
{
"version_value" : "3.5.2"
"version_value": "3.5.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866."
"lang": "eng",
"value": "Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Privileges"
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866"
"name": "99908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99908"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004677",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004677"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866"
},
{
"name" : "99908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99908"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004677",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004677"
}
]
}

22
2017/1xxx/CVE-2017-1466.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1466",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1466",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/1xxx/CVE-2017-1603.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1603",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1603",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

108
2017/1xxx/CVE-2017-1679.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-06T00:00:00",
"ID" : "CVE-2017-1679",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-06T00:00:00",
"ID": "CVE-2017-1679",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "OpenPages GRC Platform",
"version" : {
"version_data" : [
"product_name": "OpenPages GRC Platform",
"version": {
"version_data": [
{
"version_value" : "7.2"
"version_value": "7.2"
},
{
"version_value" : "7.3"
"version_value": "7.3"
},
{
"version_value" : "7.4"
"version_value": "7.4"
},
{
"version_value" : "8.0"
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001."
"lang": "eng",
"value": "IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "6.200",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "6.200",
"UI": "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728737",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728737"
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10728737",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10728737"
},
{
"name" : "ibm-openpages-cve20171679-info-disc(134001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134001"
"name": "ibm-openpages-cve20171679-info-disc(134001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134001"
}
]
}

22
2017/4xxx/CVE-2017-4954.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4954",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-4954",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

122
2017/5xxx/CVE-2017-5336.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5336",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-5336",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate."
"lang": "eng",
"value": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/10/7"
"name": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732"
},
{
"name" : "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/11/4"
"name": "95377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95377"
},
{
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340"
"name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/7"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732"
"name": "RHSA-2017:2292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"name" : "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
"refsource" : "CONFIRM",
"url" : "https://gnutls.org/security.html#GNUTLS-SA-2017-2"
"name": "1037576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037576"
},
{
"name" : "GLSA-201702-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-04"
"name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/4"
},
{
"name" : "RHSA-2017:0574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
"name": "openSUSE-SU-2017:0386",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html"
},
{
"name" : "RHSA-2017:2292",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2292"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340"
},
{
"name" : "openSUSE-SU-2017:0386",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html"
"name": "RHSA-2017:0574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name" : "95377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95377"
"name": "GLSA-201702-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-04"
},
{
"name" : "1037576",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037576"
"name": "https://gnutls.org/security.html#GNUTLS-SA-2017-2",
"refsource": "CONFIRM",
"url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2"
}
]
}

68
2017/5xxx/CVE-2017-5517.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5517",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5517",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter."
"lang": "eng",
"value": "SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/semplon/GeniXCMS/issues/66",
"refsource" : "CONFIRM",
"url" : "https://github.com/semplon/GeniXCMS/issues/66"
"name": "https://github.com/semplon/GeniXCMS/issues/66",
"refsource": "CONFIRM",
"url": "https://github.com/semplon/GeniXCMS/issues/66"
},
{
"name" : "95455",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95455"
"name": "95455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95455"
}
]
}

74
2017/5xxx/CVE-2017-5949.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5949",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5949",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm."
"lang": "eng",
"value": "JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=167239",
"refsource" : "CONFIRM",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=167239"
"name": "97298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97298"
},
{
"name" : "https://trac.webkit.org/changeset/211479",
"refsource" : "CONFIRM",
"url" : "https://trac.webkit.org/changeset/211479"
"name": "https://trac.webkit.org/changeset/211479",
"refsource": "CONFIRM",
"url": "https://trac.webkit.org/changeset/211479"
},
{
"name" : "97298",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97298"
"name": "https://bugs.webkit.org/show_bug.cgi?id=167239",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=167239"
}
]
}