admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:12:50 +00:00
parent f22114cecb
commit c2fad5b9b6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 4022 additions and 4022 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2006/0xxx/CVE-2006-0064.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1398",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1398"
},
{
"name" : "ADV-2006-0016",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0016",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0016"
},
{
"name": "1398",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1398"
}
]
}
}

180
2006/0xxx/CVE-2006-0174.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060110 Multiple Vulnerabilities in Hummingbird Collaboration",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421392/100/0/threaded"
},
{
"name" : "http://www.securenetwork.it/advisories/sn-2006-01.html",
"refsource" : "MISC",
"url" : "http://www.securenetwork.it/advisories/sn-2006-01.html"
},
{
"name" : "16195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16195"
},
{
"name" : "ADV-2006-0145",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0145"
},
{
"name" : "18411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18411"
},
{
"name" : "328",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/328"
},
{
"name" : "hummingbird-enterprise-information-disclosure(24069)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0145"
},
{
"name": "16195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16195"
},
{
"name": "hummingbird-enterprise-information-disclosure(24069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24069"
},
{
"name": "328",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/328"
},
{
"name": "18411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18411"
},
{
"name": "http://www.securenetwork.it/advisories/sn-2006-01.html",
"refsource": "MISC",
"url": "http://www.securenetwork.it/advisories/sn-2006-01.html"
},
{
"name": "20060110 Multiple Vulnerabilities in Hummingbird Collaboration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421392/100/0/threaded"
}
]
}
}

180
2006/0xxx/CVE-2006-0409.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the \"Add Comment\" field in a comment popup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060123 [eVuln] Pixelpost Photoblog XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423384/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/45/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/45/summary.html"
},
{
"name" : "16362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16362"
},
{
"name" : "ADV-2006-0309",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0309"
},
{
"name" : "1015529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015529"
},
{
"name" : "18572",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18572"
},
{
"name" : "pixelpost-index-xss(24261)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the \"Add Comment\" field in a comment popup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015529"
},
{
"name": "pixelpost-index-xss(24261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24261"
},
{
"name": "ADV-2006-0309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0309"
},
{
"name": "http://evuln.com/vulns/45/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/45/summary.html"
},
{
"name": "18572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18572"
},
{
"name": "20060123 [eVuln] Pixelpost Photoblog XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423384/100/0/threaded"
},
{
"name": "16362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16362"
}
]
}
}

150
2006/0xxx/CVE-2006-0828.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to \"reduce effectiveness of security features\" via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf"
},
{
"name" : "ADV-2006-0668",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0668"
},
{
"name" : "1015648",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015648"
},
{
"name" : "18952",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to \"reduce effectiveness of security features\" via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0668",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0668"
},
{
"name": "1015648",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015648"
},
{
"name": "18952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18952"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_001.pdf"
}
]
}
}

180
2006/3xxx/CVE-2006-3156.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/ultimate-eshop-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/ultimate-eshop-xss-vuln.html"
},
{
"name" : "18577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18577"
},
{
"name" : "ADV-2006-2479",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2479"
},
{
"name" : "26746",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26746"
},
{
"name" : "1016354",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016354"
},
{
"name" : "20737",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20737"
},
{
"name" : "ultimate-eshop-index-xss(27265)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18577"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ultimate-eshop-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ultimate-eshop-xss-vuln.html"
},
{
"name": "ADV-2006-2479",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2479"
},
{
"name": "1016354",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016354"
},
{
"name": "ultimate-eshop-index-xss(27265)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27265"
},
{
"name": "26746",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26746"
},
{
"name": "20737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20737"
}
]
}
}

170
2006/3xxx/CVE-2006-3177.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1912",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1912"
},
{
"name" : "18494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18494"
},
{
"name" : "ADV-2006-2404",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2404"
},
{
"name" : "26598",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26598"
},
{
"name" : "20680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20680"
},
{
"name" : "bpp-rtfparser-file-include(27088)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27088"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bpp-rtfparser-file-include(27088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27088"
},
{
"name": "20680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20680"
},
{
"name": "1912",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1912"
},
{
"name": "ADV-2006-2404",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2404"
},
{
"name": "26598",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26598"
},
{
"name": "18494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18494"
}
]
}
}

200
2006/3xxx/CVE-2006-3693.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060714 Rocks Clusters <=4.1 local root",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440126/100/0/threaded"
},
{
"name" : "http://xavier.tigerteam.se/advisories/TSEAD-200606-6.txt",
"refsource" : "MISC",
"url" : "http://xavier.tigerteam.se/advisories/TSEAD-200606-6.txt"
},
{
"name" : "http://xavier.tigerteam.se/exploits/rocksmountdirty.sh",
"refsource" : "MISC",
"url" : "http://xavier.tigerteam.se/exploits/rocksmountdirty.sh"
},
{
"name" : "http://xavier.tigerteam.se/exploits/rocksumountdirty.py",
"refsource" : "MISC",
"url" : "http://xavier.tigerteam.se/exploits/rocksumountdirty.py"
},
{
"name" : "19003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19003"
},
{
"name" : "ADV-2006-2833",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2833"
},
{
"name" : "21065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21065"
},
{
"name" : "1242",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1242"
},
{
"name" : "rocks-mount-umount-privilege-escalation(27758)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xavier.tigerteam.se/exploits/rocksumountdirty.py",
"refsource": "MISC",
"url": "http://xavier.tigerteam.se/exploits/rocksumountdirty.py"
},
{
"name": "rocks-mount-umount-privilege-escalation(27758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27758"
},
{
"name": "19003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19003"
},
{
"name": "http://xavier.tigerteam.se/advisories/TSEAD-200606-6.txt",
"refsource": "MISC",
"url": "http://xavier.tigerteam.se/advisories/TSEAD-200606-6.txt"
},
{
"name": "1242",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1242"
},
{
"name": "21065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21065"
},
{
"name": "20060714 Rocks Clusters <=4.1 local root",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440126/100/0/threaded"
},
{
"name": "ADV-2006-2833",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2833"
},
{
"name": "http://xavier.tigerteam.se/exploits/rocksmountdirty.sh",
"refsource": "MISC",
"url": "http://xavier.tigerteam.se/exploits/rocksmountdirty.sh"
}
]
}
}

160
2006/3xxx/CVE-2006-3829.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060717 boastMachine <= 3.1 SQL Injection Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440306/100/0/threaded"
},
{
"name" : "http://www.acid-root.new.fr/advisories/boastmachine.txt",
"refsource" : "MISC",
"url" : "http://www.acid-root.new.fr/advisories/boastmachine.txt"
},
{
"name" : "1016515",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016515"
},
{
"name" : "21066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21066"
},
{
"name" : "1252",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21066"
},
{
"name": "1016515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016515"
},
{
"name": "20060717 boastMachine <= 3.1 SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440306/100/0/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/boastmachine.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/boastmachine.txt"
},
{
"name": "1252",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1252"
}
]
}
}

170
2006/4xxx/CVE-2006-4204.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2190",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2190"
},
{
"name" : "http://phprojekt.com/modules.php?op=modload&name=News&file=article&sid=257&mode=thread&order=0",
"refsource" : "CONFIRM",
"url" : "http://phprojekt.com/modules.php?op=modload&name=News&file=article&sid=257&mode=thread&order=0"
},
{
"name" : "19541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19541"
},
{
"name" : "ADV-2006-3284",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3284"
},
{
"name" : "21526",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21526"
},
{
"name" : "phprojekt-libpath-file-include(28560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21526"
},
{
"name": "19541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19541"
},
{
"name": "http://phprojekt.com/modules.php?op=modload&name=News&file=article&sid=257&mode=thread&order=0",
"refsource": "CONFIRM",
"url": "http://phprojekt.com/modules.php?op=modload&name=News&file=article&sid=257&mode=thread&order=0"
},
{
"name": "phprojekt-libpath-file-include(28560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
},
{
"name": "2190",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2190"
},
{
"name": "ADV-2006-3284",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3284"
}
]
}
}

34
2006/4xxx/CVE-2006-4225.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4225",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3139. Reason: This candidate is a duplicate of CVE-2006-3139. Notes: All CVE users should reference CVE-2006-3139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-4225",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3139. Reason: This candidate is a duplicate of CVE-2006-3139. Notes: All CVE users should reference CVE-2006-3139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2006/4xxx/CVE-2006-4283.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060819 [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443752/100/0/threaded"
},
{
"name" : "19603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19603"
},
{
"name" : "1432",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1432"
},
{
"name" : "spaweditor-spawdir-file-include(28466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060819 [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443752/100/0/threaded"
},
{
"name": "19603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19603"
},
{
"name": "spaweditor-spawdir-file-include(28466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28466"
},
{
"name": "1432",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1432"
}
]
}
}

190
2006/4xxx/CVE-2006-4284.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060820 LBlog <= \"comments.asp\" SQL Injection Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443872/100/0/threaded"
},
{
"name" : "2230",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2230"
},
{
"name" : "19607",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19607"
},
{
"name" : "28036",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28036"
},
{
"name" : "1016721",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016721"
},
{
"name" : "21596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21596"
},
{
"name" : "1445",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1445"
},
{
"name" : "lblog-comments-sql-injection(28472)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28472"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060820 LBlog <= \"comments.asp\" SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443872/100/0/threaded"
},
{
"name": "21596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21596"
},
{
"name": "lblog-comments-sql-injection(28472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28472"
},
{
"name": "1445",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1445"
},
{
"name": "2230",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2230"
},
{
"name": "1016721",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016721"
},
{
"name": "19607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19607"
},
{
"name": "28036",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28036"
}
]
}
}

190
2006/4xxx/CVE-2006-4308.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060822 BlackBoard Multiple Vulnerabilities (XSS)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
},
{
"name" : "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
},
{
"name" : "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
},
{
"name" : "19308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19308"
},
{
"name" : "ADV-2006-3366",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3366"
},
{
"name" : "1016735",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016735"
},
{
"name" : "21577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21577"
},
{
"name" : "blackboard-multiple-xss(28537)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19308"
},
{
"name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
},
{
"name": "ADV-2006-3366",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3366"
},
{
"name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
},
{
"name": "blackboard-multiple-xss(28537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
},
{
"name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
},
{
"name": "21577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21577"
},
{
"name": "1016735",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016735"
}
]
}
}

160
2006/4xxx/CVE-2006-4564.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060901 Sql injection in SMF [Admin section]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-09/0009.html"
},
{
"name" : "ADV-2006-3435",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3435"
},
{
"name" : "21740",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21740"
},
{
"name" : "1506",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1506"
},
{
"name" : "smf-manageboards-sql-injection(28716)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smf-manageboards-sql-injection(28716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28716"
},
{
"name": "20060901 Sql injection in SMF [Admin section]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0009.html"
},
{
"name": "21740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21740"
},
{
"name": "1506",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1506"
},
{
"name": "ADV-2006-3435",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3435"
}
]
}
}

170
2010/2xxx/CVE-2010-2314.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1005-exploits/nucleustwitter-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/nucleustwitter-rfi.txt"
},
{
"name" : "http://www.exploit-db.com/exploits/12790/",
"refsource" : "MISC",
"url" : "http://www.exploit-db.com/exploits/12790/"
},
{
"name" : "40453",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40453"
},
{
"name" : "65007",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65007"
},
{
"name" : "39997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39997"
},
{
"name" : "ADV-2010-1284",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.exploit-db.com/exploits/12790/",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/12790/"
},
{
"name": "40453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40453"
},
{
"name": "ADV-2010-1284",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1284"
},
{
"name": "65007",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65007"
},
{
"name": "39997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39997"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/nucleustwitter-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/nucleustwitter-rfi.txt"
}
]
}
}

190
2010/2xxx/CVE-2010-2443.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127736307002102&w=2"
},
{
"name" : "[oss-security] 20100629 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127781315415896&w=2"
},
{
"name" : "http://www.remotesensing.org/libtiff/v3.9.3.html",
"refsource" : "CONFIRM",
"url" : "http://www.remotesensing.org/libtiff/v3.9.3.html"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145"
},
{
"name" : "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
},
{
"name" : "GLSA-201209-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name" : "50726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50726"
},
{
"name" : "ADV-2011-0204",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0204"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.remotesensing.org/libtiff/v3.9.3.html",
"refsource": "CONFIRM",
"url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
},
{
"name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127736307002102&w=2"
},
{
"name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127781315415896&w=2"
},
{
"name": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
},
{
"name": "GLSA-201209-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name": "ADV-2011-0204",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0204"
},
{
"name": "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
}
]
}
}

150
2010/2xxx/CVE-2010-2865.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name" : "oval:org.mitre.oval:def:11725",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11725"
},
{
"name" : "1024361",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024361"
},
{
"name" : "ADV-2010-2176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11725",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11725"
},
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}

230
2010/3xxx/CVE-2010-3862.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.jboss.org/browse/JBPAPP-5253",
"refsource" : "MISC",
"url" : "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641389",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641389"
},
{
"name" : "https://issues.jboss.org/browse/JBREM-1261",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/JBREM-1261"
},
{
"name" : "RHSA-2010:0937",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name" : "RHSA-2010:0938",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"name" : "RHSA-2010:0939",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name" : "RHSA-2010:0959",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0959.html"
},
{
"name" : "RHSA-2010:0960",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0960.html"
},
{
"name" : "RHSA-2010:0961",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0961.html"
},
{
"name" : "RHSA-2010:0962",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0962.html"
},
{
"name" : "RHSA-2010:0963",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0963.html"
},
{
"name" : "1024813",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.jboss.org/browse/JBPAPP-5253",
"refsource": "MISC",
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"name": "RHSA-2010:0938",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=641389",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389"
},
{
"name": "RHSA-2010:0960",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0960.html"
},
{
"name": "RHSA-2010:0959",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0959.html"
},
{
"name": "https://issues.jboss.org/browse/JBREM-1261",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"name": "RHSA-2010:0937",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name": "RHSA-2010:0961",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0961.html"
},
{
"name": "RHSA-2010:0962",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0962.html"
},
{
"name": "RHSA-2010:0939",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name": "RHSA-2010:0963",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0963.html"
},
{
"name": "1024813",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024813"
}
]
}
}

130
2010/3xxx/CVE-2010-3882.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://security.bkis.com/multiple-vulnerabilities-in-cms-made-simple/",
"refsource" : "MISC",
"url" : "http://security.bkis.com/multiple-vulnerabilities-in-cms-made-simple/"
},
{
"name" : "40031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.bkis.com/multiple-vulnerabilities-in-cms-made-simple/",
"refsource": "MISC",
"url": "http://security.bkis.com/multiple-vulnerabilities-in-cms-made-simple/"
},
{
"name": "40031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40031"
}
]
}
}

200
2011/0xxx/CVE-2011-0107.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Office Component Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FGA-2011-13.html",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/advisory/FGA-2011-13.html"
},
{
"name" : "MS11-023",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47246"
},
{
"name" : "71767",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71767"
},
{
"name" : "oval:org.mitre.oval:def:12655",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12655"
},
{
"name" : "1025343",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025343"
},
{
"name" : "44015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44015"
},
{
"name" : "ADV-2011-0942",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Office Component Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71767",
"refsource": "OSVDB",
"url": "http://osvdb.org/71767"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "oval:org.mitre.oval:def:12655",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12655"
},
{
"name": "MS11-023",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2011-13.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2011-13.html"
},
{
"name": "ADV-2011-0942",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0942"
},
{
"name": "44015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44015"
},
{
"name": "47246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47246"
},
{
"name": "1025343",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025343"
}
]
}
}

230
2011/1xxx/CVE-2011-1204.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=74030",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=74030"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
},
{
"name" : "oval:org.mitre.oval:def:13585",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13585"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
},
{
"name" : "google-domtree-code-execution(65968)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:13585",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13585"
},
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "google-domtree-code-execution(65968)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65968"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=74030",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=74030"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}

170
2011/1xxx/CVE-2011-1500.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110408 CVE request for pithos information disclosure",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/08/2"
},
{
"name" : "[oss-security] 20110408 Re: CVE request for pithos information disclosure",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/08/4"
},
{
"name" : "https://bugs.launchpad.net/pithos/+bug/733307",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/pithos/+bug/733307"
},
{
"name" : "47300",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47300"
},
{
"name" : "44059",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44059"
},
{
"name" : "pithos-pithos-info-disclosure(66661)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/pithos/+bug/733307",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/pithos/+bug/733307"
},
{
"name": "44059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44059"
},
{
"name": "pithos-pithos-info-disclosure(66661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66661"
},
{
"name": "[oss-security] 20110408 Re: CVE request for pithos information disclosure",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/08/4"
},
{
"name": "47300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47300"
},
{
"name": "[oss-security] 20110408 CVE request for pithos information disclosure",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/08/2"
}
]
}
}

180
2011/1xxx/CVE-2011-1781.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/20/2"
},
{
"name" : "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9",
"refsource" : "CONFIRM",
"url" : "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=702687",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=702687"
},
{
"name" : "MDVSA-2011:155",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:155"
},
{
"name" : "RHSA-2011:0842",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2011-0842.html"
},
{
"name" : "47934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47934"
},
{
"name" : "44802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44802"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=702687",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=702687"
},
{
"name": "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9",
"refsource": "CONFIRM",
"url": "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9"
},
{
"name": "47934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47934"
},
{
"name": "MDVSA-2011:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:155"
},
{
"name": "RHSA-2011:0842",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2011-0842.html"
},
{
"name": "[oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/20/2"
}
]
}
}

180
2011/5xxx/CVE-2011-5225.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html",
"refsource" : "MISC",
"url" : "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel"
},
{
"name" : "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/"
},
{
"name" : "51089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51089"
},
{
"name" : "77777",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77777"
},
{
"name" : "47020",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47020"
},
{
"name" : "sentinel-unspecified-xss(71854)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71854"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51089"
},
{
"name": "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/"
},
{
"name": "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html",
"refsource": "MISC",
"url": "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel"
},
{
"name": "sentinel-unspecified-xss(71854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71854"
},
{
"name": "77777",
"refsource": "OSVDB",
"url": "http://osvdb.org/77777"
},
{
"name": "47020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47020"
}
]
}
}

140
2014/3xxx/CVE-2014-3035.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
},
{
"name" : "60480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60480"
},
{
"name" : "ibm-emportis-cve20143035-xss(93194)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60480"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
},
{
"name": "ibm-emportis-cve20143035-xss(93194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93194"
}
]
}
}

130
2014/3xxx/CVE-2014-3455.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
"refsource" : "MLIST",
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
},
{
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
},
{
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=57025"
}
]
}
}

550
2014/3xxx/CVE-2014-3568.json
View File

@ -1,277 +1,277 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7"
},
{
"name" : "https://www.openssl.org/news/secadv_20141015.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
"refsource" : "CONFIRM",
"url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "https://support.apple.com/HT205217",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205217"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10091",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10091"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-16-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name" : "DSA-3053",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3053"
},
{
"name" : "GLSA-201412-39",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name" : "HPSBUX03162",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141477196830952&w=2"
},
{
"name" : "SSRT101767",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141477196830952&w=2"
},
{
"name" : "HPSBMU03260",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name" : "HPSBOV03227",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142103967620673&w=2"
},
{
"name" : "SSRT101779",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142103967620673&w=2"
},
{
"name" : "SSRT101894",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name" : "HPSBMU03267",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2"
},
{
"name" : "HPSBMU03304",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2"
},
{
"name" : "HPSBHF03300",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142804214608580&w=2"
},
{
"name" : "HPSBMU03261",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2"
},
{
"name" : "HPSBMU03263",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2"
},
{
"name" : "NetBSD-SA2014-015",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"name" : "openSUSE-SU-2014:1331",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"name" : "SUSE-SU-2014:1357",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"name" : "SUSE-SU-2014:1361",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"name" : "SUSE-SU-2015:0578",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "70585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70585"
},
{
"name" : "1031053",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031053"
},
{
"name" : "61130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61130"
},
{
"name" : "61207",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61207"
},
{
"name" : "61819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61819"
},
{
"name" : "62030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62030"
},
{
"name" : "59627",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59627"
},
{
"name" : "61058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61058"
},
{
"name" : "61073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61073"
},
{
"name" : "61959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61959"
},
{
"name" : "62070",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62070"
},
{
"name" : "62124",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62124"
},
{
"name" : "openssl-cve20143568-sec-bypass(97037)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBOV03227",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2"
},
{
"name": "HPSBHF03300",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142804214608580&w=2"
},
{
"name": "openSUSE-SU-2014:1331",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"name": "HPSBUX03162",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141477196830952&w=2"
},
{
"name": "61130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61130"
},
{
"name": "https://www.openssl.org/news/secadv_20141015.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name": "62070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62070"
},
{
"name": "70585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70585"
},
{
"name": "61073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61073"
},
{
"name": "HPSBMU03304",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "DSA-3053",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "HPSBMU03260",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205217"
},
{
"name": "SSRT101779",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "SUSE-SU-2014:1357",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10091"
},
{
"name": "openssl-cve20143568-sec-bypass(97037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037"
},
{
"name": "NetBSD-SA2014-015",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "SSRT101767",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141477196830952&w=2"
},
{
"name": "61207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61207"
},
{
"name": "SUSE-SU-2015:0578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "62124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62124"
},
{
"name": "59627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59627"
},
{
"name": "SSRT101894",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name": "HPSBMU03263",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2"
},
{
"name": "SUSE-SU-2014:1361",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"name": "HPSBMU03267",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2"
},
{
"name": "HPSBMU03261",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2"
},
{
"name": "61058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61058"
},
{
"name": "62030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62030"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "1031053",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031053"
},
{
"name": "61819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61819"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
]
}
}

34
2014/3xxx/CVE-2014-3722.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3722",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3722",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/6xxx/CVE-2014-6619.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34760",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34760"
},
{
"name" : "http://packetstormsecurity.com/files/128337",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128337"
},
{
"name" : "112019",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/112019"
},
{
"name" : "pizzainn-cve20146619-xss(96159)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96159"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34760",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34760"
},
{
"name": "http://packetstormsecurity.com/files/128337",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128337"
},
{
"name": "112019",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/112019"
},
{
"name": "pizzainn-cve20146619-xss(96159)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96159"
}
]
}
}

140
2014/7xxx/CVE-2014-7063.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#602209",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/602209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602209",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602209"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

260
2014/7xxx/CVE-2014-7185.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140923 CVE Request: Python 2.7",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/23/5"
},
{
"name" : "[oss-security] 20140925 Re: CVE Request: Python 2.7",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/25/47"
},
{
"name" : "http://bugs.python.org/issue21831",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue21831"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146026",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146026"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "FEDORA-2014-11559",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html"
},
{
"name" : "GLSA-201503-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-10"
},
{
"name" : "RHSA-2015:1064",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1064.html"
},
{
"name" : "RHSA-2015:1330",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1330.html"
},
{
"name" : "openSUSE-SU-2014:1292",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html"
},
{
"name" : "70089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70089"
},
{
"name" : "python-bufferobject-overflow(96193)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140925 Re: CVE Request: Python 2.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/25/47"
},
{
"name": "FEDORA-2014-11559",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html"
},
{
"name": "python-bufferobject-overflow(96193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96193"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1146026",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146026"
},
{
"name": "[oss-security] 20140923 CVE Request: Python 2.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/23/5"
},
{
"name": "RHSA-2015:1064",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1064.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "http://bugs.python.org/issue21831",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue21831"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201503-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-10"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "RHSA-2015:1330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1330.html"
},
{
"name": "openSUSE-SU-2014:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "70089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70089"
}
]
}
}

160
2014/7xxx/CVE-2014-7830.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141117 Moodle security issues are now public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=275147",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=275147"
},
{
"name" : "71119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71119"
},
{
"name" : "1031215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865"
},
{
"name": "1031215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031215"
},
{
"name": "71119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71119"
},
{
"name": "[oss-security] 20141117 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=275147",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=275147"
}
]
}
}

170
2014/7xxx/CVE-2014-7839.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.jboss.org/browse/RESTEASY-1130",
"refsource" : "MISC",
"url" : "https://issues.jboss.org/browse/RESTEASY-1130"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0773",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"name" : "RHSA-2015:0850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name" : "RHSA-2015:0851",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name" : "62580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62580"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "RHSA-2015:0773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "62580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62580"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "https://issues.jboss.org/browse/RESTEASY-1130",
"refsource": "MISC",
"url": "https://issues.jboss.org/browse/RESTEASY-1130"
}
]
}
}

170
2014/8xxx/CVE-2014-8165.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/"
},
{
"name" : "[oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/02/09/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1073139",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"
},
{
"name" : "RHSA-2016:2607",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2607.html"
},
{
"name" : "72537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72537"
},
{
"name" : "powerpcutils-cve20148165-code-exec(100788)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/09/4"
},
{
"name": "[Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json",
"refsource": "MLIST",
"url": "http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/"
},
{
"name": "powerpcutils-cve20148165-code-exec(100788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100788"
},
{
"name": "RHSA-2016:2607",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2607.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"
},
{
"name": "72537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72537"
}
]
}
}

120
2014/8xxx/CVE-2014-8455.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8464.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8464",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8464",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2014/8xxx/CVE-2014-8594.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-109.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-109.html"
},
{
"name" : "DSA-3140",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3140"
},
{
"name" : "GLSA-201504-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-04"
},
{
"name" : "openSUSE-SU-2015:0226",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name" : "openSUSE-SU-2015:0256",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name" : "71149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71149"
},
{
"name" : "62672",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62672"
},
{
"name" : "xen-cve20148594-sec-byass(98767)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201504-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "62672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62672"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-109.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-109.html"
},
{
"name": "71149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71149"
},
{
"name": "DSA-3140",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3140"
},
{
"name": "openSUSE-SU-2015:0226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name": "openSUSE-SU-2015:0256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name": "xen-cve20148594-sec-byass(98767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98767"
}
]
}
}

150
2014/8xxx/CVE-2014-8821.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-8821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
},
{
"name" : "macosx-cve20148821-priv-esc(100502)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100502"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "macosx-cve20148821-priv-esc(100502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100502"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

34
2014/9xxx/CVE-2014-9629.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9629",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9629",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9833.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
}
]
}
}

390
2016/2xxx/CVE-2016-2053.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/25/4"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300237"
},
{
"name" : "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name" : "RHSA-2016:2584",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1937",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name" : "openSUSE-SU-2016:1641",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name" : "SUSE-SU-2016:1985",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name" : "SUSE-SU-2016:2000",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name" : "SUSE-SU-2016:2001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name" : "SUSE-SU-2016:2002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name" : "SUSE-SU-2016:2003",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"name" : "SUSE-SU-2016:2006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name" : "SUSE-SU-2016:2007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name" : "SUSE-SU-2016:2010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name" : "SUSE-SU-2016:2011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"name" : "SUSE-SU-2016:1961",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name" : "SUSE-SU-2016:1994",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name" : "SUSE-SU-2016:1995",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name" : "SUSE-SU-2016:2005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name" : "SUSE-SU-2016:2009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name" : "SUSE-SU-2016:2014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name" : "SUSE-SU-2016:2105",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name" : "openSUSE-SU-2016:2184",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:2010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "SUSE-SU-2016:2011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"name": "SUSE-SU-2016:2003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300237"
},
{
"name": "SUSE-SU-2016:1994",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "SUSE-SU-2016:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "SUSE-SU-2016:2001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "SUSE-SU-2016:2006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/4"
},
{
"name": "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "SUSE-SU-2016:2014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "SUSE-SU-2016:2005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "SUSE-SU-2016:1995",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "SUSE-SU-2016:2002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2343.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://justinshafer.blogspot.com/2016/02/moving-onto-eaglesoft-aka-patterson.html",
"refsource" : "MISC",
"url" : "http://justinshafer.blogspot.com/2016/02/moving-onto-eaglesoft-aka-patterson.html"
},
{
"name" : "VU#344432",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/344432"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#344432",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/344432"
},
{
"name": "http://justinshafer.blogspot.com/2016/02/moving-onto-eaglesoft-aka-patterson.html",
"refsource": "MISC",
"url": "http://justinshafer.blogspot.com/2016/02/moving-onto-eaglesoft-aka-patterson.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2648.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2648",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2648",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/6xxx/CVE-2016-6598.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"name" : "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
},
{
"name" : "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt",
"refsource" : "MISC",
"url" : "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"name" : "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015",
"refsource" : "CONFIRM",
"url" : "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180126 [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/92"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt"
},
{
"name": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015",
"refsource": "CONFIRM",
"url": "https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015"
},
{
"name": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html"
}
]
}
}

158
2016/6xxx/CVE-2016-6817.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2016-11-22T00:00:00",
"ID" : "CVE-2016-6817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M1 to 9.0.0.M11"
},
{
"version_value" : "8.5.0 to 8.5.6"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-11-22T00:00:00",
"ID": "CVE-2016-6817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M1 to 9.0.0.M11"
},
{
"version_value": "8.5.0 to 8.5.6"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20161122 [SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"name" : "94462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94462"
},
{
"name" : "1037330",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037330"
},
{
"name": "[announce] 20161122 [SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"name": "94462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94462"
}
]
}
}

34
2017/18xxx/CVE-2017-18106.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18106",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18106",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/18xxx/CVE-2017-18361.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Pylons/colander/issues/290",
"refsource" : "MISC",
"url" : "https://github.com/Pylons/colander/issues/290"
},
{
"name" : "https://github.com/Pylons/colander/pull/323",
"refsource" : "MISC",
"url" : "https://github.com/Pylons/colander/pull/323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Pylons/colander/pull/323",
"refsource": "MISC",
"url": "https://github.com/Pylons/colander/pull/323"
},
{
"name": "https://github.com/Pylons/colander/issues/290",
"refsource": "MISC",
"url": "https://github.com/Pylons/colander/issues/290"
}
]
}
}

262
2017/5xxx/CVE-2017-5528.json
View File

@ -1,133 +1,133 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2017-06-28T09:00:00-07",
"ID" : "CVE-2017-5528",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO JasperReports Server cross-site vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO JasperReports Server",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "6.1.1"
},
{
"version_value" : "6.2.0"
},
{
"version_value" : "6.2.1"
},
{
"version_value" : "6.3.0"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Server Community Edition",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "6.3.0"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "6.2.0"
}
]
}
},
{
"product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "6.3.0"
}
]
}
},
{
"product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "6.3.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below)."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "5.7",
"UI" : "R"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2017-06-28T09:00:00-07",
"ID": "CVE-2017-5528",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Server cross-site vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.2.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.3.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "6.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below)."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "5.7",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017"
}
]
}
}

120
2017/5xxx/CVE-2017-5971.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41261",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41261/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41261",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41261/"
}
]
}
}