admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:04:39 +00:00
parent 9081ef56ee
commit b32e0750dd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3893 additions and 3893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

358
2006/3xxx/CVE-2006-3334.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to \"chunk error processing,\" possibly involving the \"chunk_name\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060719 rPSA-2006-0133-1 libpng",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440594/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=428123",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=428123"
},
{
"name" : "https://issues.rpath.com/browse/RPL-517",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-517"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "GLSA-200607-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200607-06.xml"
},
{
"name" : "GLSA-200812-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-15.xml"
},
{
"name" : "MDKSA-2006:209",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:209"
},
{
"name" : "MDKSA-2006:210",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:210"
},
{
"name" : "MDKSA-2006:211",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:211"
},
{
"name" : "MDKSA-2006:212",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
},
{
"name" : "MDKSA-2006:213",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
},
{
"name" : "SUSE-SR:2006:016",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name" : "SUSE-SR:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name" : "18698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18698"
},
{
"name" : "ADV-2006-2585",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2585"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "22956",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22956"
},
{
"name" : "22957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22957"
},
{
"name" : "22958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22958"
},
{
"name" : "23335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23335"
},
{
"name" : "20960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20960"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
},
{
"name" : "33137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33137"
},
{
"name" : "libpng-pngdecompresschunk-bo(27468)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27468"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to \"chunk error processing,\" possibly involving the \"chunk_name\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200607-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200607-06.xml"
},
{
"name": "18698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18698"
},
{
"name": "MDKSA-2006:209",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:209"
},
{
"name": "22956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22956"
},
{
"name": "22958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22958"
},
{
"name": "20060719 rPSA-2006-0133-1 libpng",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440594/100/0/threaded"
},
{
"name": "SUSE-SR:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
},
{
"name": "ADV-2006-2585",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2585"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "23335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23335"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "MDKSA-2006:210",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:210"
},
{
"name": "GLSA-200812-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-15.xml"
},
{
"name": "MDKSA-2006:213",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
},
{
"name": "MDKSA-2006:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=428123",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=428123"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "33137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33137"
},
{
"name": "https://issues.rpath.com/browse/RPL-517",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-517"
},
{
"name": "MDKSA-2006:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:211"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "libpng-pngdecompresschunk-bo(27468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27468"
},
{
"name": "22957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22957"
}
]
}
}

178
2006/3xxx/CVE-2006-3604.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060710 Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439648/100/0/threaded"
},
{
"name" : "20060721 Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440893/100/100/threaded"
},
{
"name" : "20061103 Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450478/100/0/threaded"
},
{
"name" : "http://www.digitalarmaments.com/2006300687985463.html",
"refsource" : "MISC",
"url" : "http://www.digitalarmaments.com/2006300687985463.html"
},
{
"name" : "18948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18948"
},
{
"name" : "20994",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20994"
},
{
"name" : "flexwatch-admin-auth-bypass(27656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27656"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalarmaments.com/2006300687985463.html",
"refsource": "MISC",
"url": "http://www.digitalarmaments.com/2006300687985463.html"
},
{
"name": "20060710 Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439648/100/0/threaded"
},
{
"name": "flexwatch-admin-auth-bypass(27656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27656"
},
{
"name": "18948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18948"
},
{
"name": "20994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20994"
},
{
"name": "20061103 Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450478/100/0/threaded"
},
{
"name": "20060721 Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440893/100/100/threaded"
}
]
}
}

158
2006/3xxx/CVE-2006-3737.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060716 Plesk Control Panel <= 8.0.0 XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440292/100/0/threaded"
},
{
"name" : "19017",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19017"
},
{
"name" : "28596",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28596"
},
{
"name" : "1250",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1250"
},
{
"name" : "plesk-filemanager-xss(27770)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27770"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28596"
},
{
"name": "plesk-filemanager-xss(27770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27770"
},
{
"name": "20060716 Plesk Control Panel <= 8.0.0 XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440292/100/0/threaded"
},
{
"name": "19017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19017"
},
{
"name": "1250",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1250"
}
]
}
}

188
2006/3xxx/CVE-2006-3850.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060723 Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name" : "20060805 Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name" : "20060724 Vanilla CMS",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name" : "20060725 Vanilla CMS",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name" : "19127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19127"
},
{
"name" : "28287",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28287"
},
{
"name" : "1016568",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016568"
},
{
"name" : "1281",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1281"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060723 Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440938/100/0/threaded"
},
{
"name": "20060724 Vanilla CMS",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-July/000937.html"
},
{
"name": "20060725 Vanilla CMS",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-July/000944.html"
},
{
"name": "20060805 Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442450/100/0/threaded"
},
{
"name": "1016568",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016568"
},
{
"name": "19127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19127"
},
{
"name": "28287",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28287"
},
{
"name": "1281",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1281"
}
]
}
}

178
2006/4xxx/CVE-2006-4517.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061031 Novell iManager Tomcat DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=436"
},
{
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3885713&sliceId=SAL_Public&dialogID=17090866&stateId=0%200%2017098735",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3885713&sliceId=SAL_Public&dialogID=17090866&stateId=0%200%2017098735"
},
{
"name" : "20841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20841"
},
{
"name" : "ADV-2006-4292",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4292"
},
{
"name" : "1017139",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017139"
},
{
"name" : "22657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22657"
},
{
"name" : "novell-imanager-tree-dos(29961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29961"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4292"
},
{
"name": "1017139",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017139"
},
{
"name": "20061031 Novell iManager Tomcat DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=436"
},
{
"name": "novell-imanager-tree-dos(29961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29961"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3885713&sliceId=SAL_Public&dialogID=17090866&stateId=0%200%2017098735",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3885713&sliceId=SAL_Public&dialogID=17090866&stateId=0%200%2017098735"
},
{
"name": "20841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20841"
},
{
"name": "22657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22657"
}
]
}
}

138
2006/4xxx/CVE-2006-4615.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\\IMPlus\\implus.cfg, which allows local users to obtain sensitive information by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060903 Airscanner Mobile Security Advisory #05081701: IM+ v3.10 Local Password Plaintext Exposure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445082/100/0/threaded"
},
{
"name" : "http://airscanner.com/security/05081701_implus.htm",
"refsource" : "MISC",
"url" : "http://airscanner.com/security/05081701_implus.htm"
},
{
"name" : "1518",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1518"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\\IMPlus\\implus.cfg, which allows local users to obtain sensitive information by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1518",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1518"
},
{
"name": "20060903 Airscanner Mobile Security Advisory #05081701: IM+ v3.10 Local Password Plaintext Exposure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445082/100/0/threaded"
},
{
"name": "http://airscanner.com/security/05081701_implus.htm",
"refsource": "MISC",
"url": "http://airscanner.com/security/05081701_implus.htm"
}
]
}
}

128
2006/4xxx/CVE-2006-4617.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.security-net.biz/adv/D3906a.txt",
"refsource" : "MISC",
"url" : "http://www.security-net.biz/adv/D3906a.txt"
},
{
"name" : "28459",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28459"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security-net.biz/adv/D3906a.txt",
"refsource": "MISC",
"url": "http://www.security-net.biz/adv/D3906a.txt"
},
{
"name": "28459",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28459"
}
]
}
}

238
2006/4xxx/CVE-2006-4692.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-4692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448273/100/0/threaded"
},
{
"name" : "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448696/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2006-54/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-54/advisory/"
},
{
"name" : "HPSBST02161",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "SSRT061264",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "MS06-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"
},
{
"name" : "VU#703936",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/703936"
},
{
"name" : "20318",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20318"
},
{
"name" : "ADV-2006-3984",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3984"
},
{
"name" : "29424",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29424"
},
{
"name" : "oval:org.mitre.oval:def:496",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"
},
{
"name" : "1017037",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017037"
},
{
"name" : "20717",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20717"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29424",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29424"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "VU#703936",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/703936"
},
{
"name": "20318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20318"
},
{
"name": "MS06-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"
},
{
"name": "ADV-2006-3984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3984"
},
{
"name": "http://secunia.com/secunia_research/2006-54/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-54/advisory/"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"
},
{
"name": "20717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20717"
},
{
"name": "oval:org.mitre.oval:def:496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"
},
{
"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"
},
{
"name": "1017037",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017037"
}
]
}
}

228
2006/6xxx/CVE-2006-6130.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://projects.info-pull.com/mokb/MOKB-27-11-2006.html",
"refsource" : "MISC",
"url" : "http://projects.info-pull.com/mokb/MOKB-27-11-2006.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "21317",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21317"
},
{
"name" : "ADV-2006-4746",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4746"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "30722",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30722"
},
{
"name" : "1017751",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017751"
},
{
"name" : "23134",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23134"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "macos-aiocreglocalzn-dos(30552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30552"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "21317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21317"
},
{
"name": "macos-aiocreglocalzn-dos(30552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30552"
},
{
"name": "ADV-2006-4746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4746"
},
{
"name": "30722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30722"
},
{
"name": "23134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23134"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "http://projects.info-pull.com/mokb/MOKB-27-11-2006.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/mokb/MOKB-27-11-2006.html"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}

178
2006/6xxx/CVE-2006-6400.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html",
"refsource" : "MISC",
"url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"name" : "http://www.justsystem.co.jp/info/pd6005.html",
"refsource" : "CONFIRM",
"url" : "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"name" : "JVN#47272891",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"name" : "21445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21445"
},
{
"name" : "ADV-2006-4857",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4857"
},
{
"name" : "1017336",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017336"
},
{
"name" : "23185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23185"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#47272891",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2347272891/index.html"
},
{
"name": "http://www.justsystem.co.jp/info/pd6005.html",
"refsource": "CONFIRM",
"url": "http://www.justsystem.co.jp/info/pd6005.html"
},
{
"name": "1017336",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017336"
},
{
"name": "ADV-2006-4857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4857"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/92_e.html"
},
{
"name": "21445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21445"
},
{
"name": "23185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23185"
}
]
}
}

148
2006/6xxx/CVE-2006-6581.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061112 Phpdebug 1.1.0 - Remote File Include by Firewall",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116345671023015&w=2"
},
{
"name" : "21047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21047"
},
{
"name" : "1017219",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017219"
},
{
"name" : "phpdebug-debugtest-file-include(30234)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30234"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017219",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017219"
},
{
"name": "20061112 Phpdebug 1.1.0 - Remote File Include by Firewall",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116345671023015&w=2"
},
{
"name": "phpdebug-debugtest-file-include(30234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30234"
},
{
"name": "21047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21047"
}
]
}
}

148
2006/6xxx/CVE-2006-6710.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2971",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2971"
},
{
"name" : "21696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21696"
},
{
"name" : "ADV-2006-5116",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5116"
},
{
"name" : "23480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23480"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5116"
},
{
"name": "21696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21696"
},
{
"name": "23480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23480"
},
{
"name": "2971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2971"
}
]
}
}

138
2006/6xxx/CVE-2006-6905.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name" : "37588",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37588"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37588",
"refsource": "OSVDB",
"url": "http://osvdb.org/37588"
}
]
}
}

198
2006/7xxx/CVE-2006-7048.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060508 Claroline file inclusion vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0211.html"
},
{
"name" : "25318",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25318"
},
{
"name" : "25320",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25320"
},
{
"name" : "25321",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25321"
},
{
"name" : "25322",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25322"
},
{
"name" : "25323",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25323"
},
{
"name" : "25325",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25325"
},
{
"name" : "25326",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25326"
},
{
"name" : "25328",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25328"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25326",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25326"
},
{
"name": "25325",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25325"
},
{
"name": "25318",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25318"
},
{
"name": "25323",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25323"
},
{
"name": "25328",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25328"
},
{
"name": "25322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25322"
},
{
"name": "25320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25320"
},
{
"name": "20060508 Claroline file inclusion vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0211.html"
},
{
"name": "25321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25321"
}
]
}
}

128
2010/2xxx/CVE-2010-2158.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/803770",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/803770"
},
{
"name" : "39732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39732"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/803770",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39732"
}
]
}
}

32
2010/2xxx/CVE-2010-2250.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2250",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2250",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2010/2xxx/CVE-2010-2902.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2902",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=48284",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=48284"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html"
},
{
"name" : "oval:org.mitre.oval:def:11896",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11896"
},
{
"name" : "40743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40743"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11896",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11896"
},
{
"name": "40743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40743"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=48284",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=48284"
}
]
}
}

148
2010/2xxx/CVE-2010-2974.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MORO-87MHPT",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MORO-87MHPT"
},
{
"name" : "http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108",
"refsource" : "CONFIRM",
"url" : "http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108"
},
{
"name" : "https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm",
"refsource" : "CONFIRM",
"url" : "https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm"
},
{
"name" : "VU#703189",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/703189"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#703189",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/703189"
},
{
"name": "http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108",
"refsource": "CONFIRM",
"url": "http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108"
},
{
"name": "https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm",
"refsource": "CONFIRM",
"url": "https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-87MHPT",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-87MHPT"
}
]
}
}

158
2011/0xxx/CVE-2011-0184.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110321 Apple OfficeImport Framework Excel Memory Corruption Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=898"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "20110321 Apple OfficeImport Framework Excel Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=898"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

178
2011/0xxx/CVE-2011-0315.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "PM18512",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512"
},
{
"name" : "46736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46736"
},
{
"name" : "42938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42938"
},
{
"name" : "ADV-2011-0564",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0564"
},
{
"name" : "was-webcontainer-xss(64554)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64554"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951"
},
{
"name": "was-webcontainer-xss(64554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64554"
},
{
"name": "PM18512",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512"
},
{
"name": "42938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42938"
},
{
"name": "46736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46736"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "ADV-2011-0564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0564"
}
]
}
}

148
2011/0xxx/CVE-2011-0775.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3463",
"refsource" : "CONFIRM",
"url" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3463"
},
{
"name" : "70675",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70675"
},
{
"name" : "43041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43041"
},
{
"name" : "pivotx-image-info-disc(64977)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70675",
"refsource": "OSVDB",
"url": "http://osvdb.org/70675"
},
{
"name": "43041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43041"
},
{
"name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3463",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3463"
},
{
"name": "pivotx-image-info-disc(64977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64977"
}
]
}
}

138
2011/1xxx/CVE-2011-1323.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nec.co.jp/security-info/secinfo/nv11-004.html",
"refsource" : "CONFIRM",
"url" : "http://www.nec.co.jp/security-info/secinfo/nv11-004.html"
},
{
"name" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html",
"refsource" : "CONFIRM",
"url" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html"
},
{
"name" : "JVN#55714408",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN55714408/index.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html",
"refsource": "CONFIRM",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN55714408.html"
},
{
"name": "http://www.nec.co.jp/security-info/secinfo/nv11-004.html",
"refsource": "CONFIRM",
"url": "http://www.nec.co.jp/security-info/secinfo/nv11-004.html"
},
{
"name": "JVN#55714408",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55714408/index.html"
}
]
}
}

148
2011/1xxx/CVE-2011-1360.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21502580",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21502580"
},
{
"name" : "PM41293",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM41293"
},
{
"name" : "50447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50447"
},
{
"name" : "was-http-doc-xss(69656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69656"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50447"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21502580",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21502580"
},
{
"name": "PM41293",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM41293"
},
{
"name": "was-http-doc-xss(69656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69656"
}
]
}
}

168
2011/1xxx/CVE-2011-1390.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21594717",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
},
{
"name" : "53483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53483"
},
{
"name" : "81815",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81815"
},
{
"name" : "1027060",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027060"
},
{
"name" : "49093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49093"
},
{
"name" : "rcq-maintenancetool-sql-injection(71802)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81815",
"refsource": "OSVDB",
"url": "http://osvdb.org/81815"
},
{
"name": "53483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53483"
},
{
"name": "1027060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027060"
},
{
"name": "49093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49093"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21594717"
},
{
"name": "rcq-maintenancetool-sql-injection(71802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71802"
}
]
}
}

32
2011/1xxx/CVE-2011-1615.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1615",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1615",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2011/1xxx/CVE-2011-1617.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1617",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1617",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2011/4xxx/CVE-2011-4097.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111031 Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/11/01/2"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750399",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=750399"
},
{
"name" : "https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111031 Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/01/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=750399",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750399"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8"
},
{
"name": "https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f"
}
]
}
}

32
2011/4xxx/CVE-2011-4390.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4390",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4390",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

168
2011/4xxx/CVE-2011-4780.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=bd3735ba584e7a49aee78813845245354b061f61",
"refsource" : "CONFIRM",
"url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=bd3735ba584e7a49aee78813845245354b061f61"
},
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php"
},
{
"name" : "FEDORA-2011-17369",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html"
},
{
"name" : "FEDORA-2011-17370",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html"
},
{
"name" : "MDVSA-2011:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198"
},
{
"name" : "51226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51226"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51226"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=bd3735ba584e7a49aee78813845245354b061f61",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=bd3735ba584e7a49aee78813845245354b061f61"
},
{
"name": "FEDORA-2011-17370",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html"
},
{
"name": "MDVSA-2011:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198"
},
{
"name": "FEDORA-2011-17369",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php"
}
]
}
}

168
2011/4xxx/CVE-2011-4911.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20111225 CVE-request for three 2009 Joomla issues (second part)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/12/25/3"
},
{
"name" : "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (second part)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/12/25/8"
},
{
"name" : "http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html"
},
{
"name" : "35544",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35544"
},
{
"name" : "55591",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55591"
},
{
"name" : "35668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35668"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35668"
},
{
"name": "55591",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55591"
},
{
"name": "http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html"
},
{
"name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (second part)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/25/8"
},
{
"name": "35544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35544"
},
{
"name": "[oss-security] 20111225 CVE-request for three 2009 Joomla issues (second part)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/25/3"
}
]
}
}

158
2011/5xxx/CVE-2011-5261.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html",
"refsource" : "MISC",
"url" : "http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html"
},
{
"name" : "50968",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50968"
},
{
"name" : "77395",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77395"
},
{
"name" : "47037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47037"
},
{
"name" : "axism10-showreport-xss(71687)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71687"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47037"
},
{
"name": "http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html",
"refsource": "MISC",
"url": "http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html"
},
{
"name": "50968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50968"
},
{
"name": "77395",
"refsource": "OSVDB",
"url": "http://osvdb.org/77395"
},
{
"name": "axism10-showreport-xss(71687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71687"
}
]
}
}

148
2014/2xxx/CVE-2014-2114.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33644",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33644"
},
{
"name" : "20140403 Cisco Emergency Responder Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114"
},
{
"name" : "66635",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66635"
},
{
"name" : "1030019",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030019"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140403 Cisco Emergency Responder Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114"
},
{
"name": "1030019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030019"
},
{
"name": "66635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66635"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33644",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33644"
}
]
}
}

118
2014/2xxx/CVE-2014-2468.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-4230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-4230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

32
2014/2xxx/CVE-2014-2581.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2581",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2581",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/2xxx/CVE-2014-2973.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2973",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-2973",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

158
2014/3xxx/CVE-2014-3424.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"
},
{
"name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/05/07/7"
},
{
"name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
"refsource" : "CONFIRM",
"url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0250.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0250.html"
},
{
"name" : "MDVSA-2015:117",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/05/07/7"
},
{
"name": "[emacs-diffs] 20140506 emacs-24 r117071: Fix Bug#17415.",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html"
},
{
"name": "MDVSA-2015:117",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:117"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0250.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0250.html"
},
{
"name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8",
"refsource": "CONFIRM",
"url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8"
}
]
}
}

118
2014/3xxx/CVE-2014-3823.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10647"
}
]
}
}

32
2014/6xxx/CVE-2014-6073.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6073",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6073",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2014/6xxx/CVE-2014-6147.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097120",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097120"
},
{
"name" : "IT05310",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05310"
},
{
"name" : "ibm-fsm-cve20146147-sec-bypass(96917)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96917"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-fsm-cve20146147-sec-bypass(96917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96917"
},
{
"name": "IT05310",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05310"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097120",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097120"
}
]
}
}

128
2014/6xxx/CVE-2014-6510.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "1031583",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031583"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031583"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}
}

138
2014/6xxx/CVE-2014-6689.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#149273",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/149273"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#149273",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/149273"
}
]
}
}

138
2014/6xxx/CVE-2014-6861.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#901585",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/901585"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#901585",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/901585"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7460.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#815873",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/815873"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#815873",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/815873"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

32
2014/7xxx/CVE-2014-7545.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7545",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7545",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

138
2014/7xxx/CVE-2014-7878.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU03190",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238"
},
{
"name" : "SSRT101812",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238"
},
{
"name" : "hp-helion-cve20147878-unauth-access(98636)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98636"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101812",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238"
},
{
"name": "hp-helion-cve20147878-unauth-access(98636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98636"
},
{
"name": "HPSBMU03190",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238"
}
]
}
}

214
2016/2xxx/CVE-2016-2866.json
View File

@ -1,110 +1,110 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-2866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "3.0.1"
},
{
"version_value" : "4.0"
},
{
"version_value" : "3.0.1.6"
},
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "4.0.3"
},
{
"version_value" : "4.0.4"
},
{
"version_value" : "4.0.5"
},
{
"version_value" : "4.0.6"
},
{
"version_value" : "5.0"
},
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "3.0.1"
},
{
"version_value": "4.0"
},
{
"version_value": "3.0.1.6"
},
{
"version_value": "4.0.1"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.3"
},
{
"version_value": "4.0.4"
},
{
"version_value": "4.0.5"
},
{
"version_value": "4.0.6"
},
{
"version_value": "5.0"
},
{
"version_value": "4.0.7"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997104",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997104"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997104",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997104"
}
]
}
}

178
2017/0xxx/CVE-2017-0770.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "4.4.4"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "8.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "4.4.4"
},
{
"version_value": "5.0.2"
},
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100649"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100649"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}
}

130
2017/18xxx/CVE-2017-18052.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2017-18052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2017-18052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd",
"refsource" : "MISC",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd"
}
]
}
}

268
2017/18xxx/CVE-2017-18203.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"
},
{
"name" : "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3",
"refsource" : "MISC",
"url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"
},
{
"name" : "DSA-4187",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4187"
},
{
"name" : "RHSA-2018:0676",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name" : "RHSA-2018:1062",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name" : "RHSA-2018:1854",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name" : "USN-3619-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-1/"
},
{
"name" : "USN-3619-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-2/"
},
{
"name" : "USN-3653-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3653-1/"
},
{
"name" : "USN-3653-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3653-2/"
},
{
"name" : "USN-3655-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3655-2/"
},
{
"name" : "USN-3657-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3657-1/"
},
{
"name" : "USN-3655-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3655-1/"
},
{
"name" : "103184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103184"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "103184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103184"
},
{
"name": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "USN-3653-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "USN-3655-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "USN-3653-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "USN-3657-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3657-1/"
},
{
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
}
]
}
}

32
2017/1xxx/CVE-2017-1518.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1518",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1518",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

202
2017/1xxx/CVE-2017-1593.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-16T00:00:00",
"ID" : "CVE-2017-1593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
}
]
}
},
{
"product_name" : "Rational DOORS Next Generation ",
"version" : {
"version_data" : [
{
"version_value" : "5.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-16T00:00:00",
"ID": "CVE-2017-1593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "4.0.7"
},
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation ",
"version": {
"version_data": [
{
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132494",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132494"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010321",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010321"
},
{
"name" : "101895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101895"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101895"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132494",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132494"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010321",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010321"
}
]
}
}

32
2017/1xxx/CVE-2017-1660.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2017/5xxx/CVE-2017-5577.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20170118 [PATCH 2/2] drm/vc4: Return -EINVAL on the overflow checks failing.",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2017/1/17/759"
},
{
"name" : "[oss-security] 20170122 CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/21/7"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1416437",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1416437"
},
{
"name" : "https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9"
},
{
"name" : "95765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95765"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170122 CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/7"
},
{
"name": "95765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95765"
},
{
"name": "https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9"
},
{
"name": "[linux-kernel] 20170118 [PATCH 2/2] drm/vc4: Return -EINVAL on the overflow checks failing.",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2017/1/17/759"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1416437",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416437"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9"
}
]
}
}

32
2017/5xxx/CVE-2017-5758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5758",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5758",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

188
2017/5xxx/CVE-2017-5840.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777469",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777469"
},
{
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource" : "CONFIRM",
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name" : "DSA-3820",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3820"
},
{
"name" : "GLSA-201705-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-10"
},
{
"name" : "RHSA-2017:2060",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name" : "96001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96001"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96001"
},
{
"name": "DSA-3820",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3820"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=777469",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=777469"
},
{
"name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
}
]
}
}