admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:51:15 +00:00
parent 567fec6275
commit b1a46aea8b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3531 additions and 3531 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/2xxx/CVE-2006-2397.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060513 Gphotos Directory Traversal and Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433936/100/0/threaded"
},
{
"name" : "17967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17967"
},
{
"name" : "ADV-2006-1806",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1806"
},
{
"name" : "25497",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25497"
},
{
"name" : "25498",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25498"
},
{
"name" : "25499",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25499"
},
{
"name" : "20095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20095"
},
{
"name" : "906",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/906"
},
{
"name" : "gphotos-multiple-xss(26426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17967"
},
{
"name": "ADV-2006-1806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1806"
},
{
"name": "25499",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25499"
},
{
"name": "gphotos-multiple-xss(26426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26426"
},
{
"name": "25497",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25497"
},
{
"name": "25498",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25498"
},
{
"name": "20095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20095"
},
{
"name": "20060513 Gphotos Directory Traversal and Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433936/100/0/threaded"
},
{
"name": "906",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/906"
}
]
}
}

180
2006/2xxx/CVE-2006-2427.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2427",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060515 DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"name" : "http://www.digitalmunition.com/DMA[2006-0514a].txt",
"refsource" : "MISC",
"url" : "http://www.digitalmunition.com/DMA[2006-0514a].txt"
},
{
"name" : "ADV-2006-1807",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1807"
},
{
"name" : "1016086",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016086"
},
{
"name" : "20085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20085"
},
{
"name" : "912",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/912"
},
{
"name" : "clamxav-freshclam-insecure-privileges(26453)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamxav-freshclam-insecure-privileges(26453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
},
{
"name": "1016086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016086"
},
{
"name": "20060515 DMA[2006-0514a] - 'ClamAV freshclam incorrect privilege drop'",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"name": "ADV-2006-1807",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1807"
},
{
"name": "20085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20085"
},
{
"name": "912",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/912"
},
{
"name": "http://www.digitalmunition.com/DMA[2006-0514a].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2006-0514a].txt"
}
]
}
}

200
2006/2xxx/CVE-2006-2660.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060611 tempnam() Bypass unique file name PHP 5.1.4",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436785/100/0/threaded"
},
{
"name" : "20060611 tempnam() Bypass unique file name PHP 5.1.4",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html"
},
{
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134"
},
{
"name" : "MDKSA-2006:122",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name" : "USN-320-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name" : "1016271",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016271"
},
{
"name" : "21125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21125"
},
{
"name" : "1069",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1069"
},
{
"name" : "php-tempnam-bypass(27049)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "php-tempnam-bypass(27049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27049"
},
{
"name": "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134"
},
{
"name": "20060611 tempnam() Bypass unique file name PHP 5.1.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436785/100/0/threaded"
},
{
"name": "1016271",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016271"
},
{
"name": "20060611 tempnam() Bypass unique file name PHP 5.1.4",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html"
},
{
"name": "USN-320-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name": "MDKSA-2006:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"
},
{
"name": "21125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21125"
},
{
"name": "1069",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1069"
}
]
}
}

200
2006/3xxx/CVE-2006-3047.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060613 TikiWiki Sql injection & XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437017/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840"
},
{
"name" : "GLSA-200606-29",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml"
},
{
"name" : "18421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18421"
},
{
"name" : "ADV-2006-2349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2349"
},
{
"name" : "20648",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20648"
},
{
"name" : "20850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20850"
},
{
"name" : "1102",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1102"
},
{
"name" : "tikiwiki-script-errors-xss(27145)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20850"
},
{
"name": "18421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18421"
},
{
"name": "20648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20648"
},
{
"name": "20060613 TikiWiki Sql injection & XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded"
},
{
"name": "1102",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1102"
},
{
"name": "tikiwiki-script-errors-xss(27145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145"
},
{
"name": "ADV-2006-2349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2349"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840"
},
{
"name": "GLSA-200606-29",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml"
}
]
}
}

230
2006/3xxx/CVE-2006-3146.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to \"Ping o' Death\" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437811/100/0/threaded"
},
{
"name" : "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name" : "http://trifinite.org/trifinite_advisory_toshiba.html",
"refsource" : "MISC",
"url" : "http://trifinite.org/trifinite_advisory_toshiba.html"
},
{
"name" : "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html",
"refsource" : "MISC",
"url" : "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name" : "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html",
"refsource" : "MISC",
"url" : "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html"
},
{
"name" : "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2",
"refsource" : "CONFIRM",
"url" : "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name" : "18527",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18527"
},
{
"name" : "ADV-2006-2455",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2455"
},
{
"name" : "26686",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26686"
},
{
"name" : "1016345",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016345"
},
{
"name" : "20657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20657"
},
{
"name" : "toshiba-bluetooth-dos(27228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to \"Ping o' Death\" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2455"
},
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "toshiba-bluetooth-dos(27228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27228"
},
{
"name": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html",
"refsource": "MISC",
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "20657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20657"
},
{
"name": "1016345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016345"
},
{
"name": "http://trifinite.org/trifinite_advisory_toshiba.html",
"refsource": "MISC",
"url": "http://trifinite.org/trifinite_advisory_toshiba.html"
},
{
"name": "20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437811/100/0/threaded"
},
{
"name": "26686",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26686"
},
{
"name": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2",
"refsource": "CONFIRM",
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "18527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18527"
},
{
"name": "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html",
"refsource": "MISC",
"url": "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html"
}
]
}
}

260
2006/3xxx/CVE-2006-3815.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html",
"refsource" : "CONFIRM",
"url" : "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html"
},
{
"name" : "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514",
"refsource" : "CONFIRM",
"url" : "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514"
},
{
"name" : "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt",
"refsource" : "CONFIRM",
"url" : "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt"
},
{
"name" : "DSA-1128",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1128"
},
{
"name" : "GLSA-200608-23",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-23.xml"
},
{
"name" : "MDKSA-2006:142",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:142"
},
{
"name" : "USN-326-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-326-1"
},
{
"name" : "19186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19186"
},
{
"name" : "ADV-2006-2994",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2994"
},
{
"name" : "1016602",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016602"
},
{
"name" : "21162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21162"
},
{
"name" : "21231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21231"
},
{
"name" : "21240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21240"
},
{
"name" : "21521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21521"
},
{
"name" : "21629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21231"
},
{
"name": "ADV-2006-2994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2994"
},
{
"name": "GLSA-200608-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-23.xml"
},
{
"name": "21629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21629"
},
{
"name": "DSA-1128",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1128"
},
{
"name": "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html",
"refsource": "CONFIRM",
"url": "http://www.mail-archive.com/linux-ha-cvs%40lists.linux-ha.org/msg00753.html"
},
{
"name": "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt",
"refsource": "CONFIRM",
"url": "http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt"
},
{
"name": "MDKSA-2006:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:142"
},
{
"name": "1016602",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016602"
},
{
"name": "21162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21162"
},
{
"name": "19186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19186"
},
{
"name": "USN-326-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-326-1"
},
{
"name": "21240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21240"
},
{
"name": "21521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21521"
},
{
"name": "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514",
"refsource": "CONFIRM",
"url": "http://cvs.linux-ha.org/viewcvs/viewcvs.cgi/linux-ha/heartbeat/heartbeat.c?r1=1.513&r2=1.514"
}
]
}
}

180
2006/3xxx/CVE-2006-3958.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource" : "CONFIRM",
"url" : "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name" : "https://www.pkrinternet.com/taskjitsu/task/3477",
"refsource" : "CONFIRM",
"url" : "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name" : "19251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19251"
},
{
"name" : "ADV-2006-3058",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name" : "27637",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27637"
},
{
"name" : "21242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21242"
},
{
"name" : "taskjitsu-unspecified-xss(28178)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3477",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19251"
},
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
]
}
}

140
2006/3xxx/CVE-2006-3999.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060801 ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441829/100/0/threaded"
},
{
"name" : "1016618",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016618"
},
{
"name" : "1338",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016618",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016618"
},
{
"name": "20060801 ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441829/100/0/threaded"
},
{
"name": "1338",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1338"
}
]
}
}

170
2006/4xxx/CVE-2006-4715.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html",
"refsource" : "MISC",
"url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html"
},
{
"name" : "2337",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2337"
},
{
"name" : "19934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19934"
},
{
"name" : "ADV-2006-3548",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3548"
},
{
"name" : "21855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21855"
},
{
"name" : "vivvo-pdfversion-sql-injection(28833)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19934"
},
{
"name": "21855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21855"
},
{
"name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html",
"refsource": "MISC",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1464/exploit.html"
},
{
"name": "2337",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2337"
},
{
"name": "ADV-2006-3548",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3548"
},
{
"name": "vivvo-pdfversion-sql-injection(28833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28833"
}
]
}
}

180
2006/6xxx/CVE-2006-6132.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061121 Link Exchange Lite [injection sql]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452256/100/0/threaded"
},
{
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=53",
"refsource" : "MISC",
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=53"
},
{
"name" : "21239",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21239"
},
{
"name" : "ADV-2006-4656",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4656"
},
{
"name" : "23068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23068"
},
{
"name" : "1920",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1920"
},
{
"name" : "linkexchangelite-linkslist-sql-injection(30460)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30460"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53"
},
{
"name": "ADV-2006-4656",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4656"
},
{
"name": "1920",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1920"
},
{
"name": "20061121 Link Exchange Lite [injection sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452256/100/0/threaded"
},
{
"name": "21239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21239"
},
{
"name": "linkexchangelite-linkslist-sql-injection(30460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30460"
},
{
"name": "23068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23068"
}
]
}
}

120
2006/6xxx/CVE-2006-6685.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "22967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22967"
}
]
}
}

160
2006/6xxx/CVE-2006-6753.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061221 Fun with event logs (semi-offtopic)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455044/100/0/threaded"
},
{
"name" : "20061221 RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455087/100/0/threaded"
},
{
"name" : "20061221 RE: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455079/100/0/threaded"
},
{
"name" : "20061221 Re: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455077/100/0/threaded"
},
{
"name" : "20061221 Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455071/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061221 Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455071/100/0/threaded"
},
{
"name": "20061221 RE: Re[2]: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455087/100/0/threaded"
},
{
"name": "20061221 Re: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455077/100/0/threaded"
},
{
"name": "20061221 Fun with event logs (semi-offtopic)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455044/100/0/threaded"
},
{
"name": "20061221 RE: [Full-disclosure] Fun with event logs (semi-offtopic)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455079/100/0/threaded"
}
]
}
}

160
2006/7xxx/CVE-2006-7038.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) \"long command lines at port 32000\" and (2) certain name service queries that are not properly handled by the SMTP service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.atrium-software.com/download/McrReadMe_EN.html",
"refsource" : "CONFIRM",
"url" : "http://www.atrium-software.com/download/McrReadMe_EN.html"
},
{
"name" : "18462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18462"
},
{
"name" : "ADV-2006-2354",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2354"
},
{
"name" : "20432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20432"
},
{
"name" : "mercur-nameserver-dos(27231)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) \"long command lines at port 32000\" and (2) certain name service queries that are not properly handled by the SMTP service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18462"
},
{
"name": "ADV-2006-2354",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2354"
},
{
"name": "20432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20432"
},
{
"name": "mercur-nameserver-dos(27231)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27231"
},
{
"name": "http://www.atrium-software.com/download/McrReadMe_EN.html",
"refsource": "CONFIRM",
"url": "http://www.atrium-software.com/download/McrReadMe_EN.html"
}
]
}
}

170
2006/7xxx/CVE-2006-7138.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449498/100/0/threaded"
},
{
"name" : "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "2346",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2346"
},
{
"name" : "oracle-wwvflow-sql-injection(30106)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_apex_sql_injection_wwv_flow_utilities.html"
},
{
"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050265.html"
},
{
"name": "oracle-wwvflow-sql-injection(30106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30106"
},
{
"name": "20061023 SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449498/100/0/threaded"
},
{
"name": "2346",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2346"
}
]
}
}

130
2010/2xxx/CVE-2010-2407.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2407",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0007.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110107 CVE Request - pimd - Insecure file creation in /var/tmp",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/07/3"
},
{
"name" : "[oss-security] 20110107 Re: CVE Request - pimd - Insecure file creation in /var/tmp",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/07/4"
},
{
"name" : "DSA-2147",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2147"
},
{
"name" : "45715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45715"
},
{
"name" : "70305",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70305"
},
{
"name" : "42759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42759"
},
{
"name" : "42793",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42793"
},
{
"name" : "ADV-2011-0113",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0113"
},
{
"name" : "pimd-pimd-symlink(64528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2147",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2147"
},
{
"name": "42793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42793"
},
{
"name": "[oss-security] 20110107 CVE Request - pimd - Insecure file creation in /var/tmp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/07/3"
},
{
"name": "[oss-security] 20110107 Re: CVE Request - pimd - Insecure file creation in /var/tmp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/07/4"
},
{
"name": "42759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42759"
},
{
"name": "pimd-pimd-symlink(64528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64528"
},
{
"name": "45715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45715"
},
{
"name": "ADV-2011-0113",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0113"
},
{
"name": "70305",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70305"
}
]
}
}

230
2011/0xxx/CVE-2011-0048.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/3.2.9/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.2.9/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=628034",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=628034"
},
{
"name" : "DSA-2322",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2322"
},
{
"name" : "FEDORA-2011-0741",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name" : "FEDORA-2011-0755",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name" : "45982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45982"
},
{
"name" : "70704",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70704"
},
{
"name" : "43033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43033"
},
{
"name" : "43165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43165"
},
{
"name" : "ADV-2011-0207",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name" : "ADV-2011-0271",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name" : "bugzilla-url-xss(65005)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45982"
},
{
"name": "43165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43165"
},
{
"name": "http://www.bugzilla.org/security/3.2.9/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.9/"
},
{
"name": "FEDORA-2011-0741",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html"
},
{
"name": "ADV-2011-0271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0271"
},
{
"name": "43033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43033"
},
{
"name": "ADV-2011-0207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0207"
},
{
"name": "FEDORA-2011-0755",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html"
},
{
"name": "70704",
"refsource": "OSVDB",
"url": "http://osvdb.org/70704"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=628034",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628034"
},
{
"name": "DSA-2322",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2322"
},
{
"name": "bugzilla-url-xss(65005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65005"
}
]
}
}

180
2011/0xxx/CVE-2011-0126.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4554",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4554"
},
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "APPLE-SA-2011-03-02-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "oval:org.mitre.oval:def:16788",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16788",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16788"
},
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
}
]
}
}

150
2011/0xxx/CVE-2011-0252.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-08-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "oval:org.mitre.oval:def:15884",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:15884",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15884"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
}
]
}
}

34
2011/0xxx/CVE-2011-0368.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0368",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0368",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2011/1xxx/CVE-2011-1331.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/connect/blogs/targeted-attacks-2011-using-ichitaro-zero-day-vulnerability",
"refsource" : "MISC",
"url" : "http://www.symantec.com/connect/blogs/targeted-attacks-2011-using-ichitaro-zero-day-vulnerability"
},
{
"name" : "http://www.justsystems.com/jp/info/js11001.html",
"refsource" : "CONFIRM",
"url" : "http://www.justsystems.com/jp/info/js11001.html"
},
{
"name" : "JVN#87239473",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN87239473/index.html"
},
{
"name" : "JVNDB-2011-000043",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000043"
},
{
"name" : "48283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48283"
},
{
"name" : "44956",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44956"
},
{
"name" : "ichitaro-unspec-bo(68072)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44956"
},
{
"name": "48283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48283"
},
{
"name": "JVNDB-2011-000043",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000043"
},
{
"name": "ichitaro-unspec-bo(68072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68072"
},
{
"name": "http://www.justsystems.com/jp/info/js11001.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/js11001.html"
},
{
"name": "http://www.symantec.com/connect/blogs/targeted-attacks-2011-using-ichitaro-zero-day-vulnerability",
"refsource": "MISC",
"url": "http://www.symantec.com/connect/blogs/targeted-attacks-2011-using-ichitaro-zero-day-vulnerability"
},
{
"name": "JVN#87239473",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87239473/index.html"
}
]
}
}

160
2011/1xxx/CVE-2011-1428.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
},
{
"name" : "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
},
{
"name" : "http://savannah.nongnu.org/patch/index.php?7459",
"refsource" : "CONFIRM",
"url" : "http://savannah.nongnu.org/patch/index.php?7459"
},
{
"name" : "46612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46612"
},
{
"name" : "43543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://savannah.nongnu.org/patch/index.php?7459",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/patch/index.php?7459"
},
{
"name": "46612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46612"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
},
{
"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
},
{
"name": "43543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43543"
}
]
}
}

34
2011/1xxx/CVE-2011-1459.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1459",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1459",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2011/1xxx/CVE-2011-1856.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02681",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
},
{
"name" : "SSRT100493",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
},
{
"name" : "1025535",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025535"
},
{
"name" : "44569",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02681",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
},
{
"name": "SSRT100493",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
},
{
"name": "1025535",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025535"
},
{
"name": "44569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44569"
}
]
}
}

190
2011/3xxx/CVE-2011-3012.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110728 Two security issues fixed in ioQuake3 engine",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/519051/100/0/threaded"
},
{
"name" : "20110728 Two security issues fixed in ioQuake3 engine",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951"
},
{
"name" : "GLSA-201706-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-23"
},
{
"name" : "48915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48915"
},
{
"name" : "8324",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8324"
},
{
"name" : "ioquake-gamecode-code-execution(68870)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870"
},
{
"name" : "ioquake-file-extensions-code-execution(69164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110728 Two security issues fixed in ioQuake3 engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html"
},
{
"name": "ioquake-gamecode-code-execution(68870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=725951",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951"
},
{
"name": "ioquake-file-extensions-code-execution(69164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69164"
},
{
"name": "48915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48915"
},
{
"name": "20110728 Two security issues fixed in ioQuake3 engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded"
},
{
"name": "8324",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8324"
},
{
"name": "GLSA-201706-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-23"
}
]
}
}

280
2011/3xxx/CVE-2011-3034.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=111748",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=111748"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
},
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "GLSA-201203-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name" : "openSUSE-SU-2012:0374",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
},
{
"name" : "52271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52271"
},
{
"name" : "oval:org.mitre.oval:def:14839",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14839"
},
{
"name" : "1026759",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026759"
},
{
"name" : "48527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48527"
},
{
"name" : "48419",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48419"
},
{
"name" : "48265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48265"
},
{
"name" : "google-svg-document-code-exec(73645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73645"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "1026759",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026759"
},
{
"name": "48527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48527"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=111748",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=111748"
},
{
"name": "48265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48265"
},
{
"name": "48419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48419"
},
{
"name": "openSUSE-SU-2012:0374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
},
{
"name": "google-svg-document-code-exec(73645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73645"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "52271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52271"
},
{
"name": "GLSA-201203-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name": "oval:org.mitre.oval:def:14839",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14839"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
}
]
}
}

130
2011/4xxx/CVE-2011-4231.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-4231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html"
},
{
"name" : "http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html"
}
]
}
}

34
2011/4xxx/CVE-2011-4392.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4392",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4392",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

34
2011/4xxx/CVE-2011-4574.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4574",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4574",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2011/4xxx/CVE-2011-4879.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18166",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18166"
},
{
"name" : "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name" : "77384",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77384"
},
{
"name" : "simatic-miniweb-dos(71453)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77384",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77384"
},
{
"name": "simatic-miniweb-dos(71453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}

34
2013/5xxx/CVE-2013-5633.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5633",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5633",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}
}

160
2014/2xxx/CVE-2014-2197.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
},
{
"name" : "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
},
{
"name" : "68333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68333"
},
{
"name" : "1030515",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030515"
},
{
"name" : "59573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59573"
},
{
"name": "1030515",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030515"
},
{
"name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
},
{
"name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
},
{
"name": "68333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68333"
}
]
}
}

280
2014/2xxx/CVE-2014-2423.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name" : "DSA-2912",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2912"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "HPSBUX03092",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101668",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "RHSA-2014:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name" : "RHSA-2014:0685",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name" : "RHSA-2014:0413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "USN-2191-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name" : "USN-2187-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name" : "66887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66887"
},
{
"name" : "58415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2187-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name": "RHSA-2014:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name": "66887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66887"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "USN-2191-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name": "RHSA-2014:0413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "HPSBUX03092",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "RHSA-2014:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name": "DSA-2912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2912"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "58415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58415"
},
{
"name": "SSRT101668",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}
}

140
2014/6xxx/CVE-2014-6744.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#398049",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/398049"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#398049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/398049"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6876.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#636705",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/636705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#636705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/636705"
}
]
}
}

140
2014/7xxx/CVE-2014-7013.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#132113",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/132113"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#132113",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/132113"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7384.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Joe's Lawn Service (aka com.appexpress.joeslawnservice) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#785073",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/785073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Joe's Lawn Service (aka com.appexpress.joeslawnservice) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#785073",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/785073"
}
]
}
}

140
2014/7xxx/CVE-2014-7527.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57.13354.63350 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#726289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/726289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57.13354.63350 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#726289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/726289"
}
]
}
}

150
2017/0xxx/CVE-2017-0327.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2017-0327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "97333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97333"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97333"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name": "https://source.android.com/security/bulletin/2017-04-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

34
2017/0xxx/CVE-2017-0997.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0997",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0997",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/18xxx/CVE-2017-18170.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Underflow vulnerability in Bluetooth controller"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components"
},
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Underflow vulnerability in Bluetooth controller"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components"
}
]
}
}

288
2017/1xxx/CVE-2017-1315.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00",
"ID" : "CVE-2017-1315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
},
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-28T00:00:00",
"ID": "CVE-2017-1315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www-prd-trops.events.ibm.com/node/715749",
"refsource" : "CONFIRM",
"url" : "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name" : "ibm-rqm-cve20171315-xss(125727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name": "ibm-rqm-cve20171315-xss(125727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727"
}
]
}
}

172
2017/1xxx/CVE-2017-1424.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-22T00:00:00",
"ID" : "CVE-2017-1424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Business Process Manager Advanced",
"version" : {
"version_data" : [
{
"version_value" : "8.5.7"
},
{
"version_value" : "8.5.7.CF201609"
},
{
"version_value" : "8.5.7.CF201606"
},
{
"version_value" : "8.5.7.CF201612"
},
{
"version_value" : "8.5.7.CF201703"
},
{
"version_value" : "8.5.7.CF201706"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-22T00:00:00",
"ID": "CVE-2017-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Business Process Manager Advanced",
"version": {
"version_data": [
{
"version_value": "8.5.7"
},
{
"version_value": "8.5.7.CF201609"
},
{
"version_value": "8.5.7.CF201606"
},
{
"version_value": "8.5.7.CF201612"
},
{
"version_value": "8.5.7.CF201703"
},
{
"version_value": "8.5.7.CF201706"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127477",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127477"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005112",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005112"
},
{
"name" : "100962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100962"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005112",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005112"
},
{
"name": "100962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100962"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127477",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127477"
}
]
}
}

34
2017/1xxx/CVE-2017-1841.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1841",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1841",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/1xxx/CVE-2017-1970.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1970",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1970",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

190
2017/5xxx/CVE-2017-5579.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-5579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/24/8"
},
{
"name" : "[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/25/3"
},
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b",
"refsource" : "CONFIRM",
"url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
},
{
"name" : "GLSA-201702-28",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-28"
},
{
"name" : "RHSA-2017:2392",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name" : "RHSA-2017:2408",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name" : "95780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95780"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/8"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95780"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/3"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}