"-Synchronized-Data."

CVE Team 2019-03-18 05:14:56 +00:00
parent 6e6df0d5c6
commit ba66324bd3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4199 additions and 4199 deletions


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html"
},
{
"name" : "16125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16125"
},
{
"name" : "ADV-2006-0008",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0008"
},
{
"name" : "22146",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22146"
},
{
"name" : "22147",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22147"
},
{
"name" : "18264",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0008"
},
{
"name": "22146",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22146"
},
{
"name": "18264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18264"
},
{
"name": "16125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16125"
},
{
"name": "22147",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22147"
},
{
"name": "http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-08-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name" : "TA06-214A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name" : "19289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19289"
},
{
"name" : "ADV-2006-3101",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name" : "27745",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27745"
},
{
"name" : "1016672",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016672"
},
{
"name" : "21253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21253"
},
{
"name" : "macosx-openssh-nonexistent-user-dos(28147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "27745",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27745"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "1016672",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016672"
},
{
"name": "macosx-openssh-nonexistent-user-dos(28147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28147"
}
]
}
}


@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060125 Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423029/100/0/threaded"
},
{
"name" : "20060131 Re: Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423673/100/0/threaded"
},
{
"name" : "20060208 Re: Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424394/100/0/threaded"
},
{
"name" : "20060125 Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html"
},
{
"name" : "20060202 The History of the Oracle PLSQL Gateway Flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423819/100/0/threaded"
},
{
"name" : "20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423822/100/0/threaded"
},
{
"name" : "20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html"
},
{
"name" : "20060202 The History of the Oracle PLSQL Gateway Flaw",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html",
"refsource" : "MISC",
"url" : "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"
},
{
"name" : "HPSBMA02113",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name" : "SSRT061148",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name" : "VU#169164",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/169164"
},
{
"name" : "16384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16384"
},
{
"name" : "ADV-2006-0338",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0338"
},
{
"name" : "ADV-2006-1397",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1397"
},
{
"name" : "ADV-2006-1571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1571"
},
{
"name" : "22719",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22719"
},
{
"name" : "1015544",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015544"
},
{
"name" : "1015961",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015961"
},
{
"name" : "18621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18621"
},
{
"name" : "19712",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19712"
},
{
"name" : "19859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19859"
},
{
"name" : "402",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/402"
},
{
"name" : "403",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/403"
},
{
"name" : "oracle-plsql-command-execution(24363)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19712"
},
{
"name": "18621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18621"
},
{
"name": "19859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19859"
},
{
"name": "20060202 The History of the Oracle PLSQL Gateway Flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423819/100/0/threaded"
},
{
"name": "20060125 Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423029/100/0/threaded"
},
{
"name": "402",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/402"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"
},
{
"name": "1015544",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015544"
},
{
"name": "20060131 Re: Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423673/100/0/threaded"
},
{
"name": "ADV-2006-1571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1571"
},
{
"name": "ADV-2006-0338",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0338"
},
{
"name": "16384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16384"
},
{
"name": "403",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/403"
},
{
"name": "SSRT061148",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "oracle-plsql-command-execution(24363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24363"
},
{
"name": "20060125 Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html"
},
{
"name": "20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423822/100/0/threaded"
},
{
"name": "20060208 Re: Workaround for unpatched Oracle PLSQL Gateway flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424394/100/0/threaded"
},
{
"name": "20060202 The History of the Oracle PLSQL Gateway Flaw",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
},
{
"name": "ADV-2006-1397",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1397"
},
{
"name": "22719",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22719"
},
{
"name": "HPSBMA02113",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"
},
{
"name": "VU#169164",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/169164"
},
{
"name": "20060202 More on the workaround for the unpatched Oracle PLSQL Gateway flaw",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html"
},
{
"name": "1015961",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015961"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060218 Coppermine Photo Gallery <=1.4.3 remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425387"
},
{
"name" : "http://retrogod.altervista.org/cpg_143_adv.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"name" : "http://coppermine-gallery.net/forum/index.php?topic=28062.0",
"refsource" : "CONFIRM",
"url" : "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name" : "16718",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16718"
},
{
"name" : "ADV-2006-0669",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0669"
},
{
"name" : "1015646",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015646"
},
{
"name" : "18941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18941"
},
{
"name" : "coppermine-showdoc-file-include(24816)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0669",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0669"
},
{
"name": "coppermine-showdoc-file-include(24816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24816"
},
{
"name": "16718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16718"
},
{
"name": "20060218 Coppermine Photo Gallery <=1.4.3 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425387"
},
{
"name": "18941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18941"
},
{
"name": "http://retrogod.altervista.org/cpg_143_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/cpg_143_adv.html"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=28062.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=28062.0"
},
{
"name": "1015646",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015646"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060608 bug of script injection in shoutcast servers",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=114980135615062&w=2"
},
{
"name" : "GLSA-200607-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
},
{
"name" : "18376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18376"
},
{
"name" : "ADV-2006-2254",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2254"
},
{
"name" : "20524",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20524"
},
{
"name" : "21005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21005"
},
{
"name" : "shoutcast-djfields-xss(27129)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2254",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2254"
},
{
"name": "20524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20524"
},
{
"name": "GLSA-200607-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml"
},
{
"name": "21005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21005"
},
{
"name": "20060608 bug of script injection in shoutcast servers",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=114980135615062&w=2"
},
{
"name": "shoutcast-djfields-xss(27129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129"
},
{
"name": "18376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18376"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1908",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1908"
},
{
"name" : "20060615 source verify of Minerva (phpbb_root_path) issue",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-June/000863.html"
},
{
"name" : "ADV-2006-2313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2313"
},
{
"name" : "26428",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26428"
},
{
"name" : "20536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20536"
},
{
"name" : "minerva-modules-file-include(27060)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060615 source verify of Minerva (phpbb_root_path) issue",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-June/000863.html"
},
{
"name": "26428",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26428"
},
{
"name": "20536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20536"
},
{
"name": "ADV-2006-2313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2313"
},
{
"name": "minerva-modules-file-include(27060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27060"
},
{
"name": "1908",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1908"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-050",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name" : "TA06-220A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name" : "VU#683612",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/683612"
},
{
"name" : "19405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19405"
},
{
"name" : "oval:org.mitre.oval:def:115",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name" : "1016659",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016659",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
]
}
}
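Review bot: A substantive provenance change is buried in what otherwise reads as a formatting sync: in this section the `ASSIGNER` for CVE-2006-3438 goes from `cve@mitre.org` to `secure@microsoft.com`, whereas the other complete sections visible on this page keep their assigner and differ only in colon spacing and the order of `reference_data` entries. Because the commit title mentions only synchronized data and the change spans 53 files, a reviewer or downstream consumer that keys on the assigning CNA could easily miss it; it would be better named in the commit message or split into its own commit. The six references in this record appear unchanged apart from their order, so tooling that diffs these files should compare `reference_data` as a set rather than by position.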


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060706 lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439494/100/0/threaded"
},
{
"name" : "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt",
"refsource" : "MISC",
"url" : "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt"
},
{
"name" : "18867",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18867"
},
{
"name" : "28201",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28201"
},
{
"name" : "1226",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1226"
},
{
"name" : "auracms-name-pesan-sql-injection(27705)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28201",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28201"
},
{
"name": "20060706 lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439494/100/0/threaded"
},
{
"name": "auracms-name-pesan-sql-injection(27705)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27705"
},
{
"name": "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt",
"refsource": "MISC",
"url": "http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt"
},
{
"name": "1226",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1226"
},
{
"name": "18867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18867"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html"
},
{
"name" : "19102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19102"
},
{
"name" : "ADV-2006-2916",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2916"
},
{
"name" : "27230",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27230"
},
{
"name" : "ie-cenroll-stringtobinary-dos(27884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19102"
},
{
"name": "ADV-2006-2916",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2916"
},
{
"name": "27230",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27230"
},
{
"name": "ie-cenroll-stringtobinary-dos(27884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27884"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html"
}
]
}
}


@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060825 rPSA-2006-0158-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444323/100/0/threaded"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2006-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2006-02.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm"
},
{
"name" : "https://issues.rpath.com/browse/RPL-597",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-597"
},
{
"name" : "GLSA-200608-26",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-26.xml"
},
{
"name" : "MDKSA-2006:152",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:152"
},
{
"name" : "RHSA-2006:0658",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0658.html"
},
{
"name" : "VU#808832",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/808832"
},
{
"name" : "19690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19690"
},
{
"name" : "oval:org.mitre.oval:def:9869",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9869"
},
{
"name" : "oval:org.mitre.oval:def:14684",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14684"
},
{
"name" : "ADV-2006-3370",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3370"
},
{
"name" : "1016736",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016736"
},
{
"name" : "21597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21597"
},
{
"name" : "21649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21649"
},
{
"name" : "21619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21619"
},
{
"name" : "21682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21682"
},
{
"name" : "21885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21885"
},
{
"name" : "22378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22378"
},
{
"name" : "wireshark-scsi-dos(28550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28550"
},
{
"name" : "wireshark-esp-offbyone(28553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3370"
},
{
"name": "https://issues.rpath.com/browse/RPL-597",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-597"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm"
},
{
"name": "21682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21682"
},
{
"name": "19690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19690"
},
{
"name": "oval:org.mitre.oval:def:9869",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9869"
},
{
"name": "1016736",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016736"
},
{
"name": "RHSA-2006:0658",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0658.html"
},
{
"name": "21649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21649"
},
{
"name": "MDKSA-2006:152",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:152"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2006-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2006-02.html"
},
{
"name": "oval:org.mitre.oval:def:14684",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14684"
},
{
"name": "21619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21619"
},
{
"name": "GLSA-200608-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-26.xml"
},
{
"name": "wireshark-scsi-dos(28550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28550"
},
{
"name": "wireshark-esp-offbyone(28553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28553"
},
{
"name": "21885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21885"
},
{
"name": "21597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21597"
},
{
"name": "VU#808832",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/808832"
},
{
"name": "20060825 rPSA-2006-0158-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444323/100/0/threaded"
},
{
"name": "22378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22378"
}
]
}
}
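Review bot: The `ASSIGNER` value in this CVE-2006-4330 record appears to change from `cve@mitre.org` to `secalert@redhat.com`, but the rest of the 162-line record is rewritten only for colon spacing and a reshuffle of `reference_data`, which buries the one substantive field change; the page has lost its `+`/`-` markers, so the direction is inferred from the older spaced-colon formatting. The same pattern shows in the CVE-2006-7247 and CVE-2010-2059 sections, and with `psirt@adobe.com` in the CVE-2010-2881 section, which continues past the visible part of the page. Anyone who attributes or routes records by assigning CNA would want the reassignment in a commit of its own, or at least named in the commit message rather than covered by "Synchronized-Data". The generator should also emit `reference_data` in a stable order, for example sorted by `refsource` and then `name`, so that a later sync diff contains only real changes.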


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1963",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1963"
},
{
"name" : "18740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18740"
},
{
"name" : "geeklog-multiple-scripts-file-include(27469)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "18740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18740"
},
{
"name": "1963",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1963"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-7247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1922",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/1922"
},
{
"name" : "[oss-security] 20111224 CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/12/24/2"
},
{
"name" : "[oss-security] 20111224 Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/12/24/3"
},
{
"name" : "26626",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26626"
},
{
"name" : "20746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111224 CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/24/2"
},
{
"name": "1922",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/1922"
},
{
"name": "20746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20746"
},
{
"name": "[oss-security] 20111224 Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/24/3"
},
{
"name": "26626",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26626"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name" : "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/02/2"
},
{
"name" : "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name" : "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127559059928131&w=2"
},
{
"name" : "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name" : "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/04/1"
},
{
"name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name" : "http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383",
"refsource" : "CONFIRM",
"url" : "http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"name" : "MDVSA-2010:180",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name" : "RHSA-2010:0679",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "65143",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65143"
},
{
"name" : "40028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40028"
},
{
"name" : "ADV-2011-0606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
"refsource": "CONFIRM",
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "RHSA-2010:0679",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0679.html"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commit;h=ca2d6b2b484f1501eafdde02e1688409340d2383"
},
{
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "65143",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65143"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "40028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40028"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127559059928131&w=2"
},
{
"name": "MDVSA-2010:180",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name": "[oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/2"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "[oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/02/3"
},
{
"name": "[oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/03/5"
},
{
"name": "[oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/04/1"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13964",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13964"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/linkerimg-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/linkerimg-rfi.txt"
},
{
"name" : "20100625 some discrepancies: Linker IMG <=1.0 RFI",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2010-June/002354.html"
},
{
"name" : "ADV-2010-1562",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1562"
},
{
"name" : "linkerimg-index-file-include(59614)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59614"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linkerimg-index-file-include(59614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59614"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/linkerimg-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/linkerimg-rfi.txt"
},
{
"name": "20100625 some discrepancies: Linker IMG <=1.0 RFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2010-June/002354.html"
},
{
"name": "ADV-2010-1562",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1562"
},
{
"name": "13964",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13964"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14144",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14144"
},
{
"name" : "41275",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41275"
},
{
"name" : "ADV-2010-1677",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1677"
},
{
"name" : "bedandbreakfast-pages-sql-injection(59964)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1677",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1677"
},
{
"name": "bedandbreakfast-pages-sql-injection(59964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59964"
},
{
"name": "41275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41275"
},
{
"name": "14144",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14144"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14224",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14224"
},
{
"name" : "41365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41365"
},
{
"name" : "ADV-2010-1714",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1714"
},
{
"name" : "recipe-recipedetail-sql-injection(60070)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14224",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14224"
},
{
"name": "ADV-2010-1714",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1714"
},
{
"name": "recipe-recipedetail-sql-injection(60070)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60070"
},
{
"name": "41365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41365"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513328/100/0/threaded"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name" : "oval:org.mitre.oval:def:11614",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11614"
},
{
"name" : "1024361",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024361"
},
{
"name" : "ADV-2010-2176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11614",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11614"
},
{
"name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2881",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513328/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11777",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11777/"
},
{
"name" : "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/21/7"
},
{
"name" : "http://www.egroupware.org/news?item=93",
"refsource" : "CONFIRM",
"url" : "http://www.egroupware.org/news?item=93"
},
{
"name" : "DSA-2013",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11777",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11777/"
},
{
"name": "http://www.egroupware.org/news?item=93",
"refsource": "CONFIRM",
"url": "http://www.egroupware.org/news?item=93"
},
{
"name": "DSA-2013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2013"
},
{
"name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/21/7"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101109 IBM OmniFind - several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded"
},
{
"name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt",
"refsource" : "MISC",
"url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"
},
{
"name" : "44740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44740"
},
{
"name" : "ADV-2010-2933",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101109 IBM OmniFind - several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"
},
{
"name": "44740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44740"
},
{
"name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt",
"refsource": "MISC",
"url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"
},
{
"name": "ADV-2010-2933",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2933"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02622",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129562482815203&w=2"
},
{
"name" : "SSRT100342",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129562482815203&w=2"
},
{
"name" : "45944",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45944"
},
{
"name" : "1024986",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024986"
},
{
"name" : "43014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43014"
},
{
"name" : "43018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43018"
},
{
"name" : "ADV-2011-0188",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0188"
},
{
"name" : "hp-bac-bsm-xss(64846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100342",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129562482815203&w=2"
},
{
"name": "43014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43014"
},
{
"name": "HPSBMA02622",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129562482815203&w=2"
},
{
"name": "1024986",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024986"
},
{
"name": "ADV-2011-0188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0188"
},
{
"name": "hp-bac-bsm-xss(64846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64846"
},
{
"name": "45944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45944"
},
{
"name": "43018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43018"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0298",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0298",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110201 CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/02/2"
},
{
"name" : "[oss-security] 20110203 Re: CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/03/5"
},
{
"name" : "[oss-security] 20110208 Re: CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/08/4"
},
{
"name" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873",
"refsource" : "CONFIRM",
"url" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873",
"refsource": "CONFIRM",
"url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873"
},
{
"name": "[oss-security] 20110201 CVE request: fuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"
},
{
"name": "[oss-security] 20110203 Re: CVE request: fuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"
},
{
"name": "[oss-security] 20110208 Re: CVE request: fuse",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00"
},
{
"name" : "HPSBUX02700",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=131489365508507&w=2"
},
{
"name" : "SSRT100506",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=131489365508507&w=2"
},
{
"name" : "47824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47824"
},
{
"name" : "44698",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44698"
},
{
"name" : "8300",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8300"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX02700",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131489365508507&w=2"
},
{
"name": "8300",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8300"
},
{
"name": "44698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44698"
},
{
"name": "SSRT100506",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=131489365508507&w=2"
},
{
"name": "47824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47824"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00"
}
]
}
}


@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
},
{
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name" : "HPSBUX02697",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name" : "SSRT100591",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "SUSE-SA:2011:032",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
},
{
"name" : "SUSE-SA:2011:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
},
{
"name" : "SUSE-SA:2011:036",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
},
{
"name" : "SUSE-SU-2011:0807",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
},
{
"name" : "SUSE-SU-2011:0863",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
},
{
"name" : "SUSE-SU-2011:0966",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
},
{
"name" : "openSUSE-SU-2011:0633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name" : "48133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48133"
},
{
"name" : "oval:org.mitre.oval:def:14382",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14382"
},
{
"name" : "oval:org.mitre.oval:def:14604",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14604"
},
{
"name" : "44930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2011:0863",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "SUSE-SA:2011:036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
},
{
"name": "SUSE-SA:2011:032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
},
{
"name": "SUSE-SU-2011:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
},
{
"name": "48133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48133"
},
{
"name": "44930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44930"
},
{
"name": "SUSE-SA:2011:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:14604",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14604"
},
{
"name": "SSRT100591",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "oval:org.mitre.oval:def:14382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14382"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "SUSE-SU-2011:0807",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
},
{
"name": "openSUSE-SU-2011:0633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name": "HPSBUX02697",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02643",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130270893704066&w=2"
},
{
"name" : "SSRT100416",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130270893704066&w=2"
},
{
"name" : "47341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47341"
},
{
"name" : "71831",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71831"
},
{
"name" : "1025354",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025354"
},
{
"name" : "44185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44185"
},
{
"name" : "8202",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8202"
},
{
"name" : "ADV-2011-0974",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0974"
},
{
"name" : "hp-nnmi-unspec-xss(66706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8202"
},
{
"name": "HPSBMA02643",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130270893704066&w=2"
},
{
"name": "44185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44185"
},
{
"name": "47341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47341"
},
{
"name": "71831",
"refsource": "OSVDB",
"url": "http://osvdb.org/71831"
},
{
"name": "SSRT100416",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130270893704066&w=2"
},
{
"name": "1025354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025354"
},
{
"name": "ADV-2011-0974",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0974"
},
{
"name": "hp-nnmi-unspec-xss(66706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66706"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516615/100/0/threaded"
},
{
"name" : "[mm-commits] 20110222 + ldm-corrupted-partition-table-can-cause-kernel-oops.patch added to -mm tree",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/mm-commits/msg82429.html"
},
{
"name" : "[oss-security] 20110223 CVE request: kernel: Corrupted LDM partition table issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/23/4"
},
{
"name" : "[oss-security] 20110223 Re: CVE request: kernel: Corrupted LDM partition table issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/23/21"
},
{
"name" : "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt",
"refsource" : "MISC",
"url" : "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=294f6cf48666825d23c9372ef37631232746e40d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=294f6cf48666825d23c9372ef37631232746e40d"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log"
},
{
"name" : "USN-1146-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name" : "46512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46512"
},
{
"name" : "1025127",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025127"
},
{
"name" : "8115",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1146-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name": "1025127",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025127"
},
{
"name": "46512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46512"
},
{
"name": "8115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8115"
},
{
"name": "[oss-security] 20110223 CVE request: kernel: Corrupted LDM partition table issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/23/4"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=294f6cf48666825d23c9372ef37631232746e40d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=294f6cf48666825d23c9372ef37631232746e40d"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log"
},
{
"name": "20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516615/100/0/threaded"
},
{
"name": "[oss-security] 20110223 Re: CVE request: kernel: Corrupted LDM partition table issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/23/21"
},
{
"name": "[mm-commits] 20110222 + ldm-corrupted-partition-table-can-cause-kernel-oops.patch added to -mm tree",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/mm-commits/msg82429.html"
},
{
"name": "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt",
"refsource": "MISC",
"url": "http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt"
}
]
}
}
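Review bot: The `ASSIGNER` value in this record appears to change from `cve@mitre.org` to `secalert@redhat.com`, and it is the only field-level change among a full re-spacing of the file and a reordering of `reference_data`; the old and new sides are inferred from the `" : "` versus `": "` spacing, because the +/- markers are lost in this rendering. A provenance field changing inside what otherwise reads as a formatting-only sync is easy to miss, so the commit message should say so, for example `Normalize JSON spacing; update ASSIGNER to the assigning CNA`. The same pattern shows in the sections for CVE-2011-1079, CVE-2014-3351, CVE-2014-3899, CVE-2014-6105 and CVE-2014-6562. Anyone tracking these records should compare the parsed JSON rather than the text, since every line is touched.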


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bbs.wolvez.org/viewtopic.php?id=211",
"refsource" : "MISC",
"url" : "http://bbs.wolvez.org/viewtopic.php?id=211"
},
{
"name" : "46445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46445"
},
{
"name" : "43396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43396"
},
{
"name" : "qibocms-list-sql-injection(65485)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qibocms-list-sql-injection(65485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65485"
},
{
"name": "46445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46445"
},
{
"name": "43396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43396"
},
{
"name": "http://bbs.wolvez.org/viewtopic.php?id=211",
"refsource": "MISC",
"url": "http://bbs.wolvez.org/viewtopic.php?id=211"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/01/10"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=43629f8f5ea32a998d06d1bb41eefa0e821ff573",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=43629f8f5ea32a998d06d1bb41eefa0e821ff573"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681260",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681260"
},
{
"name" : "https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573"
},
{
"name" : "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource" : "CONFIRM",
"url" : "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name" : "RHSA-2011:0833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=681260",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681260"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=43629f8f5ea32a998d06d1bb41eefa0e821ff573",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=43629f8f5ea32a998d06d1bb41eefa0e821ff573"
},
{
"name": "[oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/01/10"
},
{
"name": "https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573"
},
{
"name": "RHSA-2011:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100145416",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1211",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1211",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rt-announce] 20110414 RT 3.6.11 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html"
},
{
"name" : "[rt-announce] 20110414 RT 3.8.10 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html"
},
{
"name" : "[rt-announce] 20110414 Security vulnerabilities in RT",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html"
},
{
"name" : "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html",
"refsource" : "CONFIRM",
"url" : "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696795",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696795"
},
{
"name" : "DSA-2220",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2220"
},
{
"name" : "47383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47383"
},
{
"name" : "44189",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44189"
},
{
"name" : "ADV-2011-1071",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1071"
},
{
"name" : "rt-unspecified-dir-traversal(66795)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rt-unspecified-dir-traversal(66795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795"
},
{
"name": "ADV-2011-1071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1071"
},
{
"name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795"
},
{
"name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html",
"refsource": "CONFIRM",
"url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html"
},
{
"name": "47383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47383"
},
{
"name": "[rt-announce] 20110414 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html"
},
{
"name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html"
},
{
"name": "DSA-2220",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2220"
},
{
"name": "44189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44189"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php"
},
{
"name" : "44170",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php"
},
{
"name": "44170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44170"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140828 Cisco Intelligent Automation for Cloud Enumeration Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3351"
},
{
"name" : "69456",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69456"
},
{
"name" : "1030782",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030782"
},
{
"name" : "60960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60960"
},
{
"name" : "cisco-iac-cve20143351-info-disc(95585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60960"
},
{
"name": "20140828 Cisco Intelligent Automation for Cloud Enumeration Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3351"
},
{
"name": "69456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69456"
},
{
"name": "1030782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030782"
},
{
"name": "cisco-iac-cve20143351-info-disc(95585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95585"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#32726697",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN32726697/index.html"
},
{
"name" : "JVNDB-2014-000085",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32726697",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN32726697/index.html"
},
{
"name": "JVNDB-2014-000085",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000085"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name" : "IV66496",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name" : "IV66624",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name" : "IV66635",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name" : "IV66637",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name" : "IV66642",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name" : "IV66645",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
},
{
"name" : "62363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62363"
},
{
"name" : "ibm-sim-cve20146105-clickjacking(96144)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV66624",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"
},
{
"name": "IV66642",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"
},
{
"name": "ibm-sim-cve20146105-clickjacking(96144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96144"
},
{
"name": "IV66635",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"
},
{
"name": "IV66496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"
},
{
"name": "62363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62363"
},
{
"name": "IV66637",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"
},
{
"name": "IV66645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1636",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1636"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "RHSA-2014:1636",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1636.html"
},
{
"name" : "70523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70523"
},
{
"name" : "60416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60416"
},
{
"name" : "61609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61609"
},
{
"name" : "61928",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61609"
},
{
"name": "61928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61928"
},
{
"name": "60416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60416"
},
{
"name": "RHSA-2014:1636",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "70523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70523"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1636",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1636"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application 6.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#104657",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/104657"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application 6.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#104657",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/104657"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
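Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `cert@cert.org`, a provenance change buried in a section that otherwise only reformats separators and reorders references, and nothing in the section explains it. The same pattern appears in the sections for CVE-2014-7269 (now `vultures@jpcert.or.jp`) and for CVE-2014-7610, CVE-2014-7676 and CVE-2016-2344 (now `cert@cert.org`). Anyone who filters, routes or attributes records by assigning CNA will see different results after this sync. The reassignment deserves its own commit, or at least a line in the commit message such as `Reassign ASSIGNER to the originating CNA for the affected records`. The new values are presumably the correct CNAs, but that cannot be confirmed from the diff alone.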


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
"refsource" : "CONFIRM",
"url" : "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
},
{
"name" : "JVN#77792759",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN77792759/index.html"
},
{
"name" : "JVNDB-2015-000011",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#77792759",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN77792759/index.html"
},
{
"name": "JVNDB-2015-000011",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
},
{
"name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
"refsource": "CONFIRM",
"url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#499513",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/499513"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#499513",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/499513"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#945937",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/945937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#945937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/945937"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7856",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7856",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-20.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2bd15c7cefcf87aa6b2d9d53477f0ece897ba620",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2bd15c7cefcf87aa6b2d9d53477f0ece897ba620"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "DSA-3076",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3076"
},
{
"name" : "FEDORA-2014-15320",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html"
},
{
"name" : "RHSA-2015:1460",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1460.html"
},
{
"name" : "openSUSE-SU-2014:1503",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html"
},
{
"name" : "71069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71069"
},
{
"name" : "60231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60231"
},
{
"name" : "60290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60290"
},
{
"name": "60231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60231"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2014-20.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2014-20.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "71069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71069"
},
{
"name": "RHSA-2015:1460",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1460.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2bd15c7cefcf87aa6b2d9d53477f0ece897ba620",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2bd15c7cefcf87aa6b2d9d53477f0ece897ba620"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "DSA-3076",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3076"
},
{
"name": "openSUSE-SU-2014:1503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html"
},
{
"name": "FEDORA-2014-15320",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35183",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35183"
},
{
"name" : "http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html"
},
{
"name" : "71014",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71014"
},
{
"name" : "x7chat-message-code-exec(98513)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98513"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html"
},
{
"name": "35183",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35183"
},
{
"name": "71014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71014"
},
{
"name": "x7chat-message-code-exec(98513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98513"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048"
},
{
"name" : "FEDORA-2016-e1fe01e96e",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"
},
{
"name" : "FEDORA-2016-e55278763e",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"
},
{
"name" : "openSUSE-SU-2016:0357",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"
},
{
"name" : "openSUSE-SU-2016:0378",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3"
},
{
"name": "openSUSE-SU-2016:0378",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93"
},
{
"name": "openSUSE-SU-2016:0357",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1"
},
{
"name": "FEDORA-2016-e55278763e",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"
},
{
"name": "FEDORA-2016-e1fe01e96e",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=botan-devel&m=145435148602911&w=2"
},
{
"name" : "http://botan.randombit.net/security.html",
"refsource" : "CONFIRM",
"url" : "http://botan.randombit.net/security.html"
},
{
"name" : "DSA-3565",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3565"
},
{
"name" : "GLSA-201612-38",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-38"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[botan-devel] 20160201 Botan 1.11.28 and 1.10.11 released with security fixes",
"refsource": "MLIST",
"url": "http://marc.info/?l=botan-devel&m=145435148602911&w=2"
},
{
"name": "DSA-3565",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3565"
},
{
"name": "GLSA-201612-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-38"
},
{
"name": "http://botan.randombit.net/security.html",
"refsource": "CONFIRM",
"url": "http://botan.randombit.net/security.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2255",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2255",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
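Review bot: The new side of the CVE-2016-2255 record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while the other records visible here keep their keys in alphabetical order. Parsers do not care about key order, but the inconsistency makes later syncs produce noisy diffs and changes the file's bytes for anyone who hashes or signs records without canonicalising them first. Emitting this record through the same sorted-key serializer as the others would keep `"CVE_data_meta"` first and `"ASSIGNER"` before `"ID"`.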


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#732760",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/732760"
},
{
"name" : "1035426",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#732760",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/732760"
},
{
"name": "1035426",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035426"
}
]
}
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-23T00:00:00",
"ID" : "CVE-2016-2973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sametime",
"version" : {
"version_data" : [
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.2.1"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2016-2973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sametime",
"version": {
"version_data": [
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.2.1"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113899",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113899"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439"
},
{
"name" : "100599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100599"
},
{
"name" : "1039231",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113899",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113899"
},
{
"name": "100599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100599"
},
{
"name": "1039231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039231"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006439",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120"
},
{
"name" : "https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909",
"refsource" : "MISC",
"url" : "https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909"
},
{
"name" : "https://github.com/kohler/gifsicle/issues/117",
"refsource" : "MISC",
"url" : "https://github.com/kohler/gifsicle/issues/117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120"
},
{
"name": "https://github.com/kohler/gifsicle/issues/117",
"refsource": "MISC",
"url": "https://github.com/kohler/gifsicle/issues/117"
},
{
"name": "https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909",
"refsource": "MISC",
"url": "https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1048",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1048",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1263",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1263",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1656",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1656",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 61.0.3163.100 for Windows",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 61.0.3163.100 for Windows"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 61.0.3163.100 for Windows",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 61.0.3163.100 for Windows"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html"
},
{
"name" : "https://crbug.com/752423",
"refsource" : "MISC",
"url" : "https://crbug.com/752423"
},
{
"name" : "DSA-3985",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3985"
},
{
"name" : "GLSA-201709-25",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-25"
},
{
"name" : "RHSA-2017:2792",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2792"
},
{
"name" : "100947",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100947"
},
{
"name" : "1039497",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100947"
},
{
"name": "GLSA-201709-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-25"
},
{
"name": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html"
},
{
"name": "RHSA-2017:2792",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2792"
},
{
"name": "1039497",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039497"
},
{
"name": "DSA-3985",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3985"
},
{
"name": "https://crbug.com/752423",
"refsource": "MISC",
"url": "https://crbug.com/752423"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5212",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5212",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}