admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:27:37 +00:00
parent 341ce96e75
commit b7a69797d1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4635 additions and 4635 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/0xxx/CVE-2006-0458.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "USN-259-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/259-1/"
},
{
"name" : "16913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16913"
},
{
"name" : "19090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19090"
},
{
"name" : "irssi-dcc-accept-dos(25147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-259-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/259-1/"
},
{
"name": "19090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19090"
},
{
"name": "16913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16913"
},
{
"name": "irssi-dcc-accept-dos(25147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25147"
}
]
}
}

180
2006/3xxx/CVE-2006-3154.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html"
},
{
"name" : "18573",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18573"
},
{
"name" : "ADV-2006-2475",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2475"
},
{
"name" : "26740",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26740"
},
{
"name" : "1016353",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016353"
},
{
"name" : "20761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20761"
},
{
"name" : "ultimate-estate-index-sql-injection(27273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ultimate-estate-index-sql-injection(27273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27273"
},
{
"name": "26740",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26740"
},
{
"name": "ADV-2006-2475",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2475"
},
{
"name": "1016353",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016353"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html"
},
{
"name": "18573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18573"
},
{
"name": "20761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20761"
}
]
}
}

170
2006/3xxx/CVE-2006-3265.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://qdig.sourceforge.net/News/News2006-06-24-1",
"refsource" : "CONFIRM",
"url" : "http://qdig.sourceforge.net/News/News2006-06-24-1"
},
{
"name" : "ADV-2006-2514",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2514"
},
{
"name" : "26828",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26828"
},
{
"name" : "20808",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20808"
},
{
"name" : "538",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/538"
},
{
"name" : "qdig-index-xss(27471)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qdig-index-xss(27471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27471"
},
{
"name": "ADV-2006-2514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2514"
},
{
"name": "20808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20808"
},
{
"name": "http://qdig.sourceforge.net/News/News2006-06-24-1",
"refsource": "CONFIRM",
"url": "http://qdig.sourceforge.net/News/News2006-06-24-1"
},
{
"name": "26828",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26828"
},
{
"name": "538",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/538"
}
]
}
}

370
2006/3xxx/CVE-2006-3312.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438151/100/0/threaded"
},
{
"name" : "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt",
"refsource" : "MISC",
"url" : "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt"
},
{
"name" : "20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd)",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-August/000969.html"
},
{
"name" : "http://www.testmanagement.com/",
"refsource" : "CONFIRM",
"url" : "http://www.testmanagement.com/"
},
{
"name" : "18620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18620"
},
{
"name" : "27599",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27599"
},
{
"name" : "27600",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27600"
},
{
"name" : "27601",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27601"
},
{
"name" : "27605",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27605"
},
{
"name" : "27606",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27606"
},
{
"name" : "27607",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27607"
},
{
"name" : "27608",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27608"
},
{
"name" : "27609",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27609"
},
{
"name" : "27610",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27610"
},
{
"name" : "27611",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27611"
},
{
"name" : "27612",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27612"
},
{
"name" : "27613",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27613"
},
{
"name" : "27614",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27614"
},
{
"name" : "27615",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27615"
},
{
"name" : "27616",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27616"
},
{
"name" : "27602",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27602"
},
{
"name" : "27603",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27603"
},
{
"name" : "27604",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27604"
},
{
"name" : "1016381",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016381"
},
{
"name" : "1169",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1169"
},
{
"name" : "qatraq-multiple-xss(27355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27603",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27603"
},
{
"name": "20060811 QaTraq multiple cross-site scripting vulnerabilities (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-August/000969.html"
},
{
"name": "http://www.testmanagement.com/",
"refsource": "CONFIRM",
"url": "http://www.testmanagement.com/"
},
{
"name": "27611",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27611"
},
{
"name": "27614",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27614"
},
{
"name": "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt",
"refsource": "MISC",
"url": "http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt"
},
{
"name": "27602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27602"
},
{
"name": "27610",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27610"
},
{
"name": "1016381",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016381"
},
{
"name": "27612",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27612"
},
{
"name": "27607",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27607"
},
{
"name": "27606",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27606"
},
{
"name": "18620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18620"
},
{
"name": "27609",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27609"
},
{
"name": "27608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27608"
},
{
"name": "27599",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27599"
},
{
"name": "27613",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27613"
},
{
"name": "27615",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27615"
},
{
"name": "27605",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27605"
},
{
"name": "1169",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1169"
},
{
"name": "27616",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27616"
},
{
"name": "qatraq-multiple-xss(27355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27355"
},
{
"name": "27600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27600"
},
{
"name": "27601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27601"
},
{
"name": "27604",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27604"
},
{
"name": "20060623 QaTraq 6.5 RC: Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438151/100/0/threaded"
}
]
}
}

160
2006/4xxx/CVE-2006-4469.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform \"remote execution,\" related to \"Injection Flaws.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/1841/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1841/78/"
},
{
"name" : "http://www.joomla.org/content/view/1843/74/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1843/74/"
},
{
"name" : "ADV-2006-3408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3408"
},
{
"name" : "21666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21666"
},
{
"name" : "joomla-pear-command-execution(28629)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform \"remote execution,\" related to \"Injection Flaws.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3408"
},
{
"name": "http://www.joomla.org/content/view/1841/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1841/78/"
},
{
"name": "21666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21666"
},
{
"name": "http://www.joomla.org/content/view/1843/74/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1843/74/"
},
{
"name": "joomla-pear-command-execution(28629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28629"
}
]
}
}

170
2006/4xxx/CVE-2006-4546.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444844/100/0/threaded"
},
{
"name" : "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html"
},
{
"name" : "1016771",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016771"
},
{
"name" : "21698",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21698"
},
{
"name" : "1502",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1502"
},
{
"name" : "listmanager-administrator-security-bypass(28679)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21698"
},
{
"name": "1016771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016771"
},
{
"name": "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html"
},
{
"name": "1502",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1502"
},
{
"name": "listmanager-administrator-security-bypass(28679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28679"
},
{
"name": "20060831 Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444844/100/0/threaded"
}
]
}
}

700
2006/4xxx/CVE-2006-4565.json
View File

@ -1,352 +1,352 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060915 rPSA-2006-0169-1 firefox thunderbird",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name" : "https://issues.rpath.com/browse/RPL-640",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-640"
},
{
"name" : "DSA-1191",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1191"
},
{
"name" : "DSA-1192",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1192"
},
{
"name" : "DSA-1210",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1210"
},
{
"name" : "GLSA-200609-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name" : "GLSA-200610-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml"
},
{
"name" : "GLSA-200610-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200610-04.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name" : "MDKSA-2006:168",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name" : "MDKSA-2006:169",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"name" : "RHSA-2006:0676",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
},
{
"name" : "RHSA-2006:0677",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
},
{
"name" : "RHSA-2006:0675",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name" : "20060901-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name" : "SUSE-SA:2006:054",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"name" : "USN-350-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name" : "USN-351-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name" : "USN-352-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-352-1"
},
{
"name" : "USN-354-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name" : "USN-361-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name" : "20042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20042"
},
{
"name" : "oval:org.mitre.oval:def:11421",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421"
},
{
"name" : "ADV-2006-3617",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3617"
},
{
"name" : "ADV-2007-1198",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "1016846",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016846"
},
{
"name" : "1016847",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016847"
},
{
"name" : "1016848",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016848"
},
{
"name" : "21906",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21906"
},
{
"name" : "21949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21949"
},
{
"name" : "21915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21915"
},
{
"name" : "21916",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21916"
},
{
"name" : "21939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21939"
},
{
"name" : "21940",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21940"
},
{
"name" : "21950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21950"
},
{
"name" : "22036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22036"
},
{
"name" : "22001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22001"
},
{
"name" : "22025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22025"
},
{
"name" : "22055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22055"
},
{
"name" : "22074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22074"
},
{
"name" : "22088",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22088"
},
{
"name" : "22210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22210"
},
{
"name" : "22247",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22247"
},
{
"name" : "22274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22274"
},
{
"name" : "22299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22299"
},
{
"name" : "22342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22342"
},
{
"name" : "22391",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22391"
},
{
"name" : "22422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22422"
},
{
"name" : "22849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22849"
},
{
"name" : "22056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22056"
},
{
"name" : "22195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22195"
},
{
"name" : "24711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24711"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-javascript-expression-bo(28955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016847",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016847"
},
{
"name": "22391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22391"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "RHSA-2006:0676",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
},
{
"name": "mozilla-javascript-expression-bo(28955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28955"
},
{
"name": "22055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22055"
},
{
"name": "22195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22195"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html"
},
{
"name": "USN-361-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-361-1"
},
{
"name": "USN-352-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"name": "21950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21950"
},
{
"name": "USN-351-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "22025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22025"
},
{
"name": "22056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22056"
},
{
"name": "22247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22247"
},
{
"name": "MDKSA-2006:168",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "DSA-1191",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1191"
},
{
"name": "22210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22210"
},
{
"name": "DSA-1210",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1210"
},
{
"name": "24711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24711"
},
{
"name": "GLSA-200610-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "22849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22849"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "20060901-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "21939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21939"
},
{
"name": "1016848",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016848"
},
{
"name": "ADV-2006-3617",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3617"
},
{
"name": "21915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21915"
},
{
"name": "ADV-2007-1198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "RHSA-2006:0677",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
},
{
"name": "DSA-1192",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1192"
},
{
"name": "GLSA-200609-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22274"
},
{
"name": "RHSA-2006:0675",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "21940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21940"
},
{
"name": "20042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20042"
},
{
"name": "22001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22001"
},
{
"name": "oval:org.mitre.oval:def:11421",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421"
},
{
"name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name": "USN-350-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "21906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21906"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22342"
},
{
"name": "GLSA-200610-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
},
{
"name": "22074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22074"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "22088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22088"
},
{
"name": "21949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21949"
},
{
"name": "SUSE-SA:2006:054",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-640",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"name": "22036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22036"
},
{
"name": "1016846",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016846"
},
{
"name": "USN-354-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "22422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22422"
},
{
"name": "22299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22299"
},
{
"name": "MDKSA-2006:169",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"name": "21916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21916"
}
]
}
}

34
2006/4xxx/CVE-2006-4703.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4703",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-4703",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

150
2006/4xxx/CVE-2006-4743.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060906 Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445374/100/0/threaded"
},
{
"name" : "20060907 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445604/100/0/threaded"
},
{
"name" : "20060907 Re: Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445471/100/0/threaded"
},
{
"name" : "20060911 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445711/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060906 Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445374/100/0/threaded"
},
{
"name": "20060907 Re: Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445471/100/0/threaded"
},
{
"name": "20060911 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445711/100/0/threaded"
},
{
"name": "20060907 Re: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445604/100/0/threaded"
}
]
}
}

150
2006/6xxx/CVE-2006-6282.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061118 Vikingboard (0.1.2) [ multiples vulnerability ]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452018/100/200/threaded"
},
{
"name" : "21196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21196"
},
{
"name" : "1966",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1966"
},
{
"name" : "vikingboard-members-information-disclosure(30386)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061118 Vikingboard (0.1.2) [ multiples vulnerability ]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452018/100/200/threaded"
},
{
"name": "vikingboard-members-information-disclosure(30386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30386"
},
{
"name": "21196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21196"
},
{
"name": "1966",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1966"
}
]
}
}

170
2006/6xxx/CVE-2006-6462.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2897",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2897"
},
{
"name" : "http://cm68.de/?cm68news_download",
"refsource" : "MISC",
"url" : "http://cm68.de/?cm68news_download"
},
{
"name" : "21499",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21499"
},
{
"name" : "ADV-2006-4911",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4911"
},
{
"name" : "23326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23326"
},
{
"name" : "cm68news-oldnews-file-include(30785)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21499"
},
{
"name": "ADV-2006-4911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4911"
},
{
"name": "cm68news-oldnews-file-include(30785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30785"
},
{
"name": "http://cm68.de/?cm68news_download",
"refsource": "MISC",
"url": "http://cm68.de/?cm68news_download"
},
{
"name": "2897",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2897"
},
{
"name": "23326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23326"
}
]
}
}

150
2006/6xxx/CVE-2006-6700.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.netragard.com/html/recent_research.html",
"refsource" : "MISC",
"url" : "http://www.netragard.com/html/recent_research.html"
},
{
"name" : "21708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21708"
},
{
"name" : "1017435",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017435"
},
{
"name" : "23472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23472"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017435",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017435"
},
{
"name": "http://www.netragard.com/html/recent_research.html",
"refsource": "MISC",
"url": "http://www.netragard.com/html/recent_research.html"
},
{
"name": "23472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23472"
},
{
"name": "21708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21708"
}
]
}
}

270
2006/6xxx/CVE-2006-6799.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/457290/100/0/threaded"
},
{
"name" : "3029",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3029"
},
{
"name" : "http://www.cacti.net/release_notes_0_8_6j.php",
"refsource" : "CONFIRM",
"url" : "http://www.cacti.net/release_notes_0_8_6j.php"
},
{
"name" : "DSA-1250",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1250"
},
{
"name" : "GLSA-200701-23",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200701-23.xml"
},
{
"name" : "MDKSA-2007:015",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015"
},
{
"name" : "OpenPKG-SA-2007.001",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html"
},
{
"name" : "SUSE-SA:2007:007",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_07_cacti.html"
},
{
"name" : "21799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21799"
},
{
"name" : "ADV-2006-5193",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5193"
},
{
"name" : "1017451",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017451"
},
{
"name" : "23528",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23528"
},
{
"name" : "23665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23665"
},
{
"name" : "23917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23917"
},
{
"name" : "23941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23941"
},
{
"name" : "cacti-cmd-sql-injection(31177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1250",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1250"
},
{
"name": "OpenPKG-SA-2007.001",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.001.html"
},
{
"name": "23917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23917"
},
{
"name": "MDKSA-2007:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:015"
},
{
"name": "23528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23528"
},
{
"name": "1017451",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017451"
},
{
"name": "cacti-cmd-sql-injection(31177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31177"
},
{
"name": "GLSA-200701-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200701-23.xml"
},
{
"name": "SUSE-SA:2007:007",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_07_cacti.html"
},
{
"name": "ADV-2006-5193",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5193"
},
{
"name": "http://www.cacti.net/release_notes_0_8_6j.php",
"refsource": "CONFIRM",
"url": "http://www.cacti.net/release_notes_0_8_6j.php"
},
{
"name": "23665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23665"
},
{
"name": "3029",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3029"
},
{
"name": "21799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21799"
},
{
"name": "23941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23941"
},
{
"name": "20070118 Re: FW: [cacti-announce] Cacti 0.8.6j Released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457290/100/0/threaded"
}
]
}
}

120
2006/7xxx/CVE-2006-7175.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352"
}
]
}
}

150
2010/2xxx/CVE-2010-2205.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "oval:org.mitre.oval:def:7070",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7070"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "oval:org.mitre.oval:def:7070",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7070"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
}
]
}
}

210
2010/2xxx/CVE-2010-2654.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14237",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14237/"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name" : "41383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41383"
},
{
"name" : "66122",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66122"
},
{
"name" : "66125",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66125"
},
{
"name" : "66126",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66126"
},
{
"name" : "66127",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66127"
},
{
"name" : "66128",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66128"
},
{
"name" : "66129",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66129"
},
{
"name" : "66130",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66130"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66125",
"refsource": "OSVDB",
"url": "http://osvdb.org/66125"
},
{
"name": "66128",
"refsource": "OSVDB",
"url": "http://osvdb.org/66128"
},
{
"name": "66130",
"refsource": "OSVDB",
"url": "http://osvdb.org/66130"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "66127",
"refsource": "OSVDB",
"url": "http://osvdb.org/66127"
},
{
"name": "66129",
"refsource": "OSVDB",
"url": "http://osvdb.org/66129"
},
{
"name": "66122",
"refsource": "OSVDB",
"url": "http://osvdb.org/66122"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66126",
"refsource": "OSVDB",
"url": "http://osvdb.org/66126"
}
]
}
}

140
2010/2xxx/CVE-2010-2933.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the \"main page,\" related to index.php and the login task."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14494",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14494"
},
{
"name" : "42023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42023"
},
{
"name" : "avarcade-index-security-bypass(60799)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the \"main page,\" related to index.php and the login task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42023"
},
{
"name": "avarcade-index-security-bypass(60799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60799"
},
{
"name": "14494",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14494"
}
]
}
}

230
2011/0xxx/CVE-2011-0078.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635705",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635705"
},
{
"name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird",
"refsource" : "CONFIRM",
"url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100134543",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100134543"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name" : "DSA-2227",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2227"
},
{
"name" : "DSA-2228",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2228"
},
{
"name" : "DSA-2235",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2235"
},
{
"name" : "MDVSA-2011:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name" : "MDVSA-2011:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name" : "47651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47651"
},
{
"name" : "oval:org.mitre.oval:def:14246",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2228",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2228"
},
{
"name": "MDVSA-2011:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=635705",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=635705"
},
{
"name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird",
"refsource": "CONFIRM",
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird"
},
{
"name": "DSA-2235",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2235"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100134543",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100134543"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name": "47651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47651"
},
{
"name": "MDVSA-2011:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name": "DSA-2227",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2227"
},
{
"name": "oval:org.mitre.oval:def:14246",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14246"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
}
]
}
}

210
2011/0xxx/CVE-2011-0758.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110207 ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516277/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-059",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-059"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}"
},
{
"name" : "46253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46253"
},
{
"name" : "70840",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70840"
},
{
"name" : "1025052",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025052"
},
{
"name" : "43200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43200"
},
{
"name" : "8075",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8075"
},
{
"name" : "ADV-2011-0306",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46253"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ca"
},
{
"name": "43200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43200"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EE6F16E1-6E05-4890-A739-2B9F745C721F}"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-059",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-059"
},
{
"name": "1025052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025052"
},
{
"name": "8075",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8075"
},
{
"name": "70840",
"refsource": "OSVDB",
"url": "http://osvdb.org/70840"
},
{
"name": "20110207 ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516277/100/0/threaded"
},
{
"name": "ADV-2011-0306",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0306"
}
]
}
}

140
2011/0xxx/CVE-2011-0780.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=64051",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=64051"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14530",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=64051",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=64051"
},
{
"name": "oval:org.mitre.oval:def:14530",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14530"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0985.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=70456",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=70456"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html"
},
{
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190",
"refsource" : "CONFIRM",
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2190"
},
{
"name" : "DSA-2166",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2166"
},
{
"name" : "46262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46262"
},
{
"name" : "oval:org.mitre.oval:def:14506",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14506"
},
{
"name" : "43342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43342"
},
{
"name" : "43368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43368"
},
{
"name" : "ADV-2011-0408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0408"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43368"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=70456",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=70456"
},
{
"name": "oval:org.mitre.oval:def:14506",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14506"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2190"
},
{
"name": "43342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43342"
},
{
"name": "DSA-2166",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2166"
},
{
"name": "ADV-2011-0408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0408"
},
{
"name": "46262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46262"
}
]
}
}

180
2011/0xxx/CVE-2011-0999.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110217 CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/17/3"
},
{
"name" : "[oss-security] 20110217 Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/17/6"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678209",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678209"
},
{
"name" : "46442",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46442"
},
{
"name" : "kernel-hugepages-dos(65535)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110217 CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/17/3"
},
{
"name": "46442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46442"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=678209",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678209"
},
{
"name": "[oss-security] 20110217 Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/17/6"
},
{
"name": "kernel-hugepages-dos(65535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535"
}
]
}
}

180
2011/1xxx/CVE-2011-1185.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=42574",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=42574"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=42765",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=42765"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
},
{
"name" : "oval:org.mitre.oval:def:14349",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14349"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
},
{
"name" : "chrome-sandboxed-sec-bypass(65948)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "chrome-sandboxed-sec-bypass(65948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65948"
},
{
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name": "oval:org.mitre.oval:def:14349",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14349"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=42574",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=42574"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=42765",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=42765"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}

170
2011/1xxx/CVE-2011-1422.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-1422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110418 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517534/100/0/threaded"
},
{
"name" : "47408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47408"
},
{
"name" : "1025382",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025382"
},
{
"name" : "44236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44236"
},
{
"name" : "8215",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8215"
},
{
"name" : "ADV-2011-1026",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025382",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025382"
},
{
"name": "47408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47408"
},
{
"name": "8215",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8215"
},
{
"name": "ADV-2011-1026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1026"
},
{
"name": "20110418 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517534/100/0/threaded"
},
{
"name": "44236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44236"
}
]
}
}

140
2011/1xxx/CVE-2011-1511.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name" : "8254",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "8254",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8254"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

240
2011/1xxx/CVE-2011-1552.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
},
{
"name" : "http://www.toucan-system.com/advisories/tssa-2011-01.txt",
"refsource" : "MISC",
"url" : "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name" : "http://www.foolabs.com/xpdf/download.html",
"refsource" : "CONFIRM",
"url" : "http://www.foolabs.com/xpdf/download.html"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name" : "GLSA-201701-57",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-57"
},
{
"name" : "MDVSA-2012:144",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name" : "RHSA-2012:1201",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name" : "VU#376500",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/376500"
},
{
"name" : "1025266",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025266"
},
{
"name" : "43823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43823"
},
{
"name" : "48985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48985"
},
{
"name" : "8171",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8171"
},
{
"name" : "ADV-2011-0728",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43823"
},
{
"name": "48985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48985"
},
{
"name": "8171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8171"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8ECL8X"
},
{
"name": "ADV-2011-0728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0728"
},
{
"name": "RHSA-2012:1201",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
},
{
"name": "http://www.foolabs.com/xpdf/download.html",
"refsource": "CONFIRM",
"url": "http://www.foolabs.com/xpdf/download.html"
},
{
"name": "http://www.toucan-system.com/advisories/tssa-2011-01.txt",
"refsource": "MISC",
"url": "http://www.toucan-system.com/advisories/tssa-2011-01.txt"
},
{
"name": "VU#376500",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/376500"
},
{
"name": "MDVSA-2012:144",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "1025266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025266"
},
{
"name": "20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517205/100/0/threaded"
}
]
}
}

150
2011/1xxx/CVE-2011-1965.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka \"TCP/IP QOS Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-064",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-064"
},
{
"name" : "TA11-221A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
},
{
"name" : "oval:org.mitre.oval:def:12318",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12318"
},
{
"name" : "8474",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka \"TCP/IP QOS Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-064",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-064"
},
{
"name": "8474",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8474"
},
{
"name": "oval:org.mitre.oval:def:12318",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12318"
},
{
"name": "TA11-221A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
}
]
}
}

130
2011/4xxx/CVE-2011-4221.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#275036",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/275036"
},
{
"name" : "able2doc-pdf-code-execution(71096)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "able2doc-pdf-code-execution(71096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71096"
},
{
"name": "VU#275036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/275036"
}
]
}
}

34
2011/5xxx/CVE-2011-5014.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5014",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5014",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2014/3xxx/CVE-2014-3181.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21"
},
{
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=100",
"refsource" : "MISC",
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=100"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141173",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141173"
},
{
"name" : "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38"
},
{
"name" : "RHSA-2014:1318",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "USN-2376-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2376-1"
},
{
"name" : "USN-2377-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2377-1"
},
{
"name" : "USN-2378-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2378-1"
},
{
"name" : "USN-2379-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2379-1"
},
{
"name" : "69779",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2377-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2377-1"
},
{
"name": "RHSA-2014:1318",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html"
},
{
"name": "69779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69779"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=100",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=100"
},
{
"name": "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c54def7bd64d7c0b6993336abcffb8444795bf38"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c54def7bd64d7c0b6993336abcffb8444795bf38"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"
},
{
"name": "USN-2378-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2378-1"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141173",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141173"
},
{
"name": "USN-2379-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2379-1"
},
{
"name": "USN-2376-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2376-1"
}
]
}
}

160
2014/3xxx/CVE-2014-3295.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585"
},
{
"name" : "20140610 Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295"
},
{
"name" : "67983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67983"
},
{
"name" : "1030409",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030409"
},
{
"name" : "59158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67983"
},
{
"name": "20140610 Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3295"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34585"
},
{
"name": "1030409",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030409"
},
{
"name": "59158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59158"
}
]
}
}

200
2014/3xxx/CVE-2014-3481.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1105242",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1105242"
},
{
"name" : "RHSA-2014:0797",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0797.html"
},
{
"name" : "RHSA-2014:0798",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0798.html"
},
{
"name" : "RHSA-2014:0799",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0799.html"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0720",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name" : "RHSA-2015:0765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name" : "1032017",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032017"
},
{
"name" : "redhat-jeap-cve20143481-info-disc(94939)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0798",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"
},
{
"name": "1032017",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032017"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "RHSA-2014:0797",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"
},
{
"name": "redhat-jeap-cve20143481-info-disc(94939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94939"
},
{
"name": "RHSA-2014:0799",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242"
}
]
}
}

34
2014/3xxx/CVE-2014-3798.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3798",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3798",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/3xxx/CVE-2014-3845.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/plugins/tinymce-colorpicker/changelog",
"refsource" : "MISC",
"url" : "http://wordpress.org/plugins/tinymce-colorpicker/changelog"
},
{
"name" : "58095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58095"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/tinymce-colorpicker/changelog",
"refsource": "MISC",
"url": "http://wordpress.org/plugins/tinymce-colorpicker/changelog"
},
{
"name": "58095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58095"
}
]
}
}

34
2014/3xxx/CVE-2014-3860.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3860",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3860",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/6xxx/CVE-2014-6235.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010"
},
{
"name" : "http://typo3.org/extensions/repository/view/ke_dompdf",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/ke_dompdf"
},
{
"name" : "69563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69563"
},
{
"name" : "kedompdf-unspecified-code-exec(95706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69563"
},
{
"name": "http://typo3.org/extensions/repository/view/ke_dompdf",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ke_dompdf"
},
{
"name": "kedompdf-unspecified-code-exec(95706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95706"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010"
}
]
}
}

34
2014/6xxx/CVE-2014-6282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

320
2014/6xxx/CVE-2014-6515.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03218",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name" : "SSRT101770",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name" : "RHSA-2014:1657",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1657.html"
},
{
"name" : "RHSA-2014:1658",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1658.html"
},
{
"name" : "RHSA-2014:1876",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
},
{
"name" : "RHSA-2014:1877",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
},
{
"name" : "RHSA-2014:1880",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
},
{
"name" : "RHSA-2014:1882",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
},
{
"name" : "RHSA-2015:0264",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name" : "SUSE-SU-2014:1526",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"name" : "SUSE-SU-2014:1549",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"name" : "SUSE-SU-2015:0344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name" : "SUSE-SU-2015:0345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name" : "SUSE-SU-2015:0392",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name" : "70565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70565"
},
{
"name" : "61163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61163"
},
{
"name" : "61164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61164"
},
{
"name" : "61609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1880",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html"
},
{
"name": "RHSA-2014:1657",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1657.html"
},
{
"name": "70565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70565"
},
{
"name": "RHSA-2014:1877",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html"
},
{
"name": "61609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61609"
},
{
"name": "61163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61163"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"name": "HPSBUX03218",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name": "SUSE-SU-2014:1549",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"name": "RHSA-2014:1876",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html"
},
{
"name": "RHSA-2015:0264",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html"
},
{
"name": "SUSE-SU-2015:0392",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name": "SUSE-SU-2014:1526",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"name": "SUSE-SU-2015:0345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name": "RHSA-2014:1882",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "RHSA-2014:1658",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1658.html"
},
{
"name": "61164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61164"
},
{
"name": "SSRT101770",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "SUSE-SU-2015:0344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6557.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70512"
},
{
"name" : "1031041",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031041"
},
{
"name": "70512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70512"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

130
2014/6xxx/CVE-2014-6635.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html"
},
{
"name" : "exponentcms-indexsrc-xss(96158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "exponentcms-indexsrc-xss(96158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96158"
},
{
"name": "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128335/Exponent-CMS-2.3.0-Cross-Site-Scripting.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6698.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#355721",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/355721"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#355721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/355721"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6894.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#577041",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/577041"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#577041",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/577041"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7044.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#418113",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/418113"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#418113",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/418113"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7474.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7474",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7474",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/7xxx/CVE-2014-7556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7556",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7556",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7722.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#223897",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/223897"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#223897",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/223897"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

180
2016/2xxx/CVE-2016-2271.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-170.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-170.html"
},
{
"name" : "http://support.citrix.com/article/CTX209443",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX209443"
},
{
"name" : "DSA-3519",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3519"
},
{
"name" : "FEDORA-2016-e48f4bd14f",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html"
},
{
"name" : "FEDORA-2016-f8121efdac",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html"
},
{
"name" : "GLSA-201604-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-03"
},
{
"name" : "1035043",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3519",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3519"
},
{
"name": "FEDORA-2016-e48f4bd14f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html"
},
{
"name": "FEDORA-2016-f8121efdac",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178518.html"
},
{
"name": "1035043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035043"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-170.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-170.html"
},
{
"name": "http://support.citrix.com/article/CTX209443",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX209443"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
}
]
}
}

34
2016/2xxx/CVE-2016-2706.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2706",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2706",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

120
2016/2xxx/CVE-2016-2883.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983347",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983347"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983347",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983347"
}
]
}
}

140
2016/2xxx/CVE-2016-2934.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991870",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991870"
},
{
"name" : "IV89795",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89795"
},
{
"name" : "94987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94987"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94987"
},
{
"name": "IV89795",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89795"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991870"
}
]
}
}

140
2016/2xxx/CVE-2016-2997.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988991"
},
{
"name" : "LO89929",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929"
},
{
"name" : "92580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92580"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988991"
},
{
"name": "92580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92580"
},
{
"name": "LO89929",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929"
}
]
}
}

132
2017/18xxx/CVE-2017-18146.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-18146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cryptographic Issues in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-18146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

170
2017/1xxx/CVE-2017-1381.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-18T00:00:00",
"ID" : "CVE-2017-1381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-18T00:00:00",
"ID": "CVE-2017-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004792",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004792"
},
{
"name" : "99917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99917"
},
{
"name" : "1038985",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004792",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004792"
},
{
"name": "99917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99917"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127152"
},
{
"name": "1038985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038985"
}
]
}
}

174
2017/1xxx/CVE-2017-1450.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-1450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Sourcing",
"version" : {
"version_data" : [
{
"version_value" : "9.5"
},
{
"version_value" : "10.0.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.0.2"
},
{
"version_value" : "10.0.4"
},
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.1"
},
{
"version_value" : "10.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
]
}
}

34
2017/1xxx/CVE-2017-1862.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1862",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1862",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/1xxx/CVE-2017-1961.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1961",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1961",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

184
2017/5xxx/CVE-2017-5421.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Print preview spoofing"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "96692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96692"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Print preview spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "96692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96692"
}
]
}
}

130
2017/5xxx/CVE-2017-5644.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-5644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache POI",
"version" : {
"version_data" : [
{
"version_value" : "before 3.15"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XXE"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache POI",
"version": {
"version_data": [
{
"version_value": "before 3.15"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15",
"refsource" : "CONFIRM",
"url" : "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15"
},
{
"name" : "96983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15",
"refsource": "CONFIRM",
"url": "http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15"
},
{
"name": "96983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96983"
}
]
}
}

150
2017/5xxx/CVE-2017-5976.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170214 Re: A note about the multiple crashes in zziplib",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/14/3"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/"
},
{
"name" : "DSA-3878",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3878"
},
{
"name" : "96268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170214 Re: A note about the multiple crashes in zziplib",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/14/3"
},
{
"name": "96268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96268"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/"
},
{
"name": "DSA-3878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3878"
}
]
}
}