admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:23:58 +00:00
parent c8731597e7
commit c41270b6c2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4296 additions and 4296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/2xxx/CVE-2006-2203.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a \"possible bypass of attachment filter.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kerio.com/kms_history.html",
"refsource" : "CONFIRM",
"url" : "http://www.kerio.com/kms_history.html"
},
{
"name" : "ADV-2006-1610",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1610"
},
{
"name" : "19875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19875"
},
{
"name" : "kerio-mailserver-attachment-bypass(26170)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a \"possible bypass of attachment filter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1610",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1610"
},
{
"name": "19875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19875"
},
{
"name": "kerio-mailserver-attachment-bypass(26170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26170"
},
{
"name": "http://www.kerio.com/kms_history.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/kms_history.html"
}
]
}
}

180
2006/2xxx/CVE-2006-2222.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several \"\\\" (backslash) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060502 zawhttpd - Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432955/100/0/threaded"
},
{
"name" : "http://www.securiteam.com/exploits/5OP0315IKK.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5OP0315IKK.html"
},
{
"name" : "17814",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17814"
},
{
"name" : "25671",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25671"
},
{
"name" : "1016030",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016030"
},
{
"name" : "852",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/852"
},
{
"name" : "zawhttpd-get-dos(26257)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several \"\\\" (backslash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25671",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25671"
},
{
"name": "http://www.securiteam.com/exploits/5OP0315IKK.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5OP0315IKK.html"
},
{
"name": "1016030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016030"
},
{
"name": "zawhttpd-get-dos(26257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26257"
},
{
"name": "20060502 zawhttpd - Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432955/100/0/threaded"
},
{
"name": "852",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/852"
},
{
"name": "17814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17814"
}
]
}
}

140
2006/2xxx/CVE-2006-2354.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25476",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25476"
},
{
"name" : "20075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20075"
},
{
"name" : "whatsup-login-username-enumeration(26503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25476",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25476"
},
{
"name": "20075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20075"
},
{
"name": "whatsup-login-username-enumeration(26503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26503"
}
]
}
}

190
2006/2xxx/CVE-2006-2699.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name" : "http://kapda.ir/advisory-336.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-336.html"
},
{
"name" : "http://www.geeklog.net/index.php?topic=Security",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/index.php?topic=Security"
},
{
"name" : "18154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18154"
},
{
"name" : "ADV-2006-2050",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name" : "20316",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20316"
},
{
"name" : "993",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/993"
},
{
"name" : "geeklog-getimage-xss(26862)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/index.php?topic=Security",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-getimage-xss(26862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862"
},
{
"name": "http://kapda.ir/advisory-336.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18154"
}
]
}
}

190
2006/2xxx/CVE-2006-2738.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060526 Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435198/100/0/threaded"
},
{
"name" : "http://www.golem.de/0605/45407.html",
"refsource" : "MISC",
"url" : "http://www.golem.de/0605/45407.html"
},
{
"name" : "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815",
"refsource" : "CONFIRM",
"url" : "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815"
},
{
"name" : "18115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18115"
},
{
"name" : "ADV-2006-2037",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2037"
},
{
"name" : "20323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20323"
},
{
"name" : "1012",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1012"
},
{
"name" : "openxchange-ldap-default-account(26761)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26761"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815",
"refsource": "CONFIRM",
"url": "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815"
},
{
"name": "18115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18115"
},
{
"name": "20060526 Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435198/100/0/threaded"
},
{
"name": "ADV-2006-2037",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2037"
},
{
"name": "20323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20323"
},
{
"name": "openxchange-ldap-default-account(26761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26761"
},
{
"name": "1012",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1012"
},
{
"name": "http://www.golem.de/0605/45407.html",
"refsource": "MISC",
"url": "http://www.golem.de/0605/45407.html"
}
]
}
}

150
2006/2xxx/CVE-2006-2966.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains \"/**/\" comment sequences, which bypasses the XSS protection scheme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060606 ParticleSoft Wiki v1.0.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436121/100/0/threaded"
},
{
"name" : "ADV-2006-2170",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2170"
},
{
"name" : "1070",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1070"
},
{
"name" : "particlewiki-edit-xss(26952)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains \"/**/\" comment sequences, which bypasses the XSS protection scheme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1070",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1070"
},
{
"name": "ADV-2006-2170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2170"
},
{
"name": "20060606 ParticleSoft Wiki v1.0.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436121/100/0/threaded"
},
{
"name": "particlewiki-edit-xss(26952)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26952"
}
]
}
}

170
2006/3xxx/CVE-2006-3211.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060620 cjGuestbook v1.3 - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438008/100/0/threaded"
},
{
"name" : "18556",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18556"
},
{
"name" : "ADV-2006-2488",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2488"
},
{
"name" : "20751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20751"
},
{
"name" : "1141",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1141"
},
{
"name" : "cjguestbook-comments-xss(27322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2488"
},
{
"name": "20751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20751"
},
{
"name": "1141",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1141"
},
{
"name": "18556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18556"
},
{
"name": "20060620 cjGuestbook v1.3 - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438008/100/0/threaded"
},
{
"name": "cjguestbook-comments-xss(27322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27322"
}
]
}
}

200
2006/3xxx/CVE-2006-3571.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060707 PAPOO <=3RC3 sql injection / admin credentials disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439518/100/0/threaded"
},
{
"name" : "1993",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1993"
},
{
"name" : "18895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18895"
},
{
"name" : "ADV-2006-2713",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2713"
},
{
"name" : "27117",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27117"
},
{
"name" : "1016461",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016461"
},
{
"name" : "20978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20978"
},
{
"name" : "1217",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1217"
},
{
"name" : "papoo-internahilfe-xss(27639)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2713",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2713"
},
{
"name": "20978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20978"
},
{
"name": "1016461",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016461"
},
{
"name": "18895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18895"
},
{
"name": "20060707 PAPOO <=3RC3 sql injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439518/100/0/threaded"
},
{
"name": "papoo-internahilfe-xss(27639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27639"
},
{
"name": "27117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27117"
},
{
"name": "1217",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1217"
},
{
"name": "1993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1993"
}
]
}
}

170
2006/3xxx/CVE-2006-3673.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/atrondos-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/atrondos-adv.txt"
},
{
"name" : "19015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19015"
},
{
"name" : "ADV-2006-2836",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2836"
},
{
"name" : "21093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21093"
},
{
"name" : "1239",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1239"
},
{
"name" : "armagetron-nnetobject-dos(27787)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1239",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1239"
},
{
"name": "armagetron-nnetobject-dos(27787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787"
},
{
"name": "21093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21093"
},
{
"name": "ADV-2006-2836",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2836"
},
{
"name": "http://aluigi.altervista.org/adv/atrondos-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/atrondos-adv.txt"
},
{
"name": "19015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19015"
}
]
}
}

500
2006/3xxx/CVE-2006-3740.json
View File

@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060912 Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411"
},
{
"name" : "20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445812/100/0/threaded"
},
{
"name" : "20070330 VMSA-2007-0002 VMware ESX security updates",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464268/100/0/threaded"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm"
},
{
"name" : "https://issues.rpath.com/browse/RPL-614",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-614"
},
{
"name" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html"
},
{
"name" : "DSA-1193",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1193"
},
{
"name" : "GLSA-200609-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-07.xml"
},
{
"name" : "MDKSA-2006:164",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:164"
},
{
"name" : "RHSA-2006:0665",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0665.html"
},
{
"name" : "RHSA-2006:0666",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0666.html"
},
{
"name" : "102780",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1"
},
{
"name" : "SUSE-SR:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name" : "USN-344-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-344-1"
},
{
"name" : "19974",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19974"
},
{
"name" : "oval:org.mitre.oval:def:9454",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454"
},
{
"name" : "ADV-2006-3581",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3581"
},
{
"name" : "ADV-2006-3582",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3582"
},
{
"name" : "ADV-2007-0322",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0322"
},
{
"name" : "ADV-2007-1171",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1171"
},
{
"name" : "1016828",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016828"
},
{
"name" : "21864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21864"
},
{
"name" : "21889",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21889"
},
{
"name" : "21890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21890"
},
{
"name" : "21894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21894"
},
{
"name" : "21900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21900"
},
{
"name" : "21904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21904"
},
{
"name" : "21908",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21908"
},
{
"name" : "21924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21924"
},
{
"name" : "22141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22141"
},
{
"name" : "22332",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22332"
},
{
"name" : "22560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22560"
},
{
"name" : "23033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23033"
},
{
"name" : "22080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22080"
},
{
"name" : "23899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23899"
},
{
"name" : "23907",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23907"
},
{
"name" : "24636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24636"
},
{
"name" : "xorg-server-scancidfont-overflow(28890)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23907"
},
{
"name": "RHSA-2006:0666",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0666.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm"
},
{
"name": "21900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21900"
},
{
"name": "MDKSA-2006:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:164"
},
{
"name": "21904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21904"
},
{
"name": "SUSE-SR:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name": "21864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21864"
},
{
"name": "21894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21894"
},
{
"name": "USN-344-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-344-1"
},
{
"name": "21889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21889"
},
{
"name": "21908",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21908"
},
{
"name": "RHSA-2006:0665",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0665.html"
},
{
"name": "22141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22141"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm"
},
{
"name": "ADV-2007-1171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1171"
},
{
"name": "DSA-1193",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1193"
},
{
"name": "22080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22080"
},
{
"name": "https://issues.rpath.com/browse/RPL-614",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-614"
},
{
"name": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html"
},
{
"name": "22332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22332"
},
{
"name": "22560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22560"
},
{
"name": "20070330 VMSA-2007-0002 VMware ESX security updates",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded"
},
{
"name": "23033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23033"
},
{
"name": "20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445812/100/0/threaded"
},
{
"name": "20060912 Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411"
},
{
"name": "oval:org.mitre.oval:def:9454",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454"
},
{
"name": "GLSA-200609-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-07.xml"
},
{
"name": "102780",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1"
},
{
"name": "24636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24636"
},
{
"name": "ADV-2007-0322",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0322"
},
{
"name": "21890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21890"
},
{
"name": "19974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19974"
},
{
"name": "1016828",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016828"
},
{
"name": "ADV-2006-3581",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3581"
},
{
"name": "21924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21924"
},
{
"name": "ADV-2006-3582",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3582"
},
{
"name": "23899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23899"
},
{
"name": "xorg-server-scancidfont-overflow(28890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28890"
}
]
}
}

160
2006/3xxx/CVE-2006-3778.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) \"Save As Draft\" option is used or (2) a \",\" (comma) is inside the \"phrase\" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602"
},
{
"name" : "1016516",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016516"
},
{
"name" : "1016819",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016819"
},
{
"name" : "21096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) \"Save As Draft\" option is used or (2) a \",\" (comma) is inside the \"phrase\" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016516",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016516"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602"
},
{
"name": "1016819",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016819"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386"
},
{
"name": "21096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21096"
}
]
}
}

120
2006/6xxx/CVE-2006-6718.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded"
}
]
}
}

150
2006/6xxx/CVE-2006-6781.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061225 HLStats Remote SQL Injection Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455305/100/0/threaded"
},
{
"name" : "3002",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3002"
},
{
"name" : "21740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21740"
},
{
"name" : "2064",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3002",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3002"
},
{
"name": "2064",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2064"
},
{
"name": "20061225 HLStats Remote SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455305/100/0/threaded"
},
{
"name": "21740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21740"
}
]
}
}

140
2006/7xxx/CVE-2006-7219.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5",
"refsource" : "CONFIRM",
"url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5"
},
{
"name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0",
"refsource" : "CONFIRM",
"url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0"
},
{
"name" : "http://issues.ez.no/8795",
"refsource" : "CONFIRM",
"url" : "http://issues.ez.no/8795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5",
"refsource": "CONFIRM",
"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5"
},
{
"name": "http://issues.ez.no/8795",
"refsource": "CONFIRM",
"url": "http://issues.ez.no/8795"
},
{
"name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0",
"refsource": "CONFIRM",
"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0"
}
]
}
}

190
2011/0xxx/CVE-2011-0321.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-0321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110126 ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-01/0162.html"
},
{
"name" : "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt",
"refsource" : "CONFIRM",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt"
},
{
"name" : "46044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46044"
},
{
"name" : "70686",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70686"
},
{
"name" : "1025010",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025010"
},
{
"name" : "43113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43113"
},
{
"name" : "ADV-2011-0241",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0241"
},
{
"name" : "networker-librpc-security-bypass(64997)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt",
"refsource": "CONFIRM",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt"
},
{
"name": "1025010",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025010"
},
{
"name": "46044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46044"
},
{
"name": "networker-librpc-security-bypass(64997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64997"
},
{
"name": "20110126 ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-01/0162.html"
},
{
"name": "70686",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70686"
},
{
"name": "43113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43113"
},
{
"name": "ADV-2011-0241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0241"
}
]
}
}

130
2011/0xxx/CVE-2011-0335.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html"
},
{
"name" : "TA11-166A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html"
},
{
"name": "TA11-166A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html"
}
]
}
}

140
2011/0xxx/CVE-2011-0640.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://news.cnet.com/8301-27080_3-20028919-245.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-27080_3-20028919-245.html"
},
{
"name" : "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou"
},
{
"name" : "http://www.cs.gmu.edu/~astavrou/publications.html",
"refsource" : "MISC",
"url" : "http://www.cs.gmu.edu/~astavrou/publications.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.cnet.com/8301-27080_3-20028919-245.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-27080_3-20028919-245.html"
},
{
"name": "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou",
"refsource": "MISC",
"url": "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou"
},
{
"name": "http://www.cs.gmu.edu/~astavrou/publications.html",
"refsource": "MISC",
"url": "http://www.cs.gmu.edu/~astavrou/publications.html"
}
]
}
}

140
2011/0xxx/CVE-2011-0782.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=66931",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=66931"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14243",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=66931",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=66931"
},
{
"name": "oval:org.mitre.oval:def:14243",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14243"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html"
}
]
}
}

220
2011/1xxx/CVE-2011-1240.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47217",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47217"
},
{
"name" : "71755",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71755"
},
{
"name" : "oval:org.mitre.oval:def:12547",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12547"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name" : "mswin-win32k-var28-priv-escalation(66422)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "47217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47217"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "oval:org.mitre.oval:def:12547",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12547"
},
{
"name": "71755",
"refsource": "OSVDB",
"url": "http://osvdb.org/71755"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "mswin-win32k-var28-priv-escalation(66422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66422"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
}
]
}
}

180
2011/1xxx/CVE-2011-1922.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt",
"refsource" : "CONFIRM",
"url" : "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt"
},
{
"name" : "FEDORA-2011-7555",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html"
},
{
"name" : "VU#531342",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/531342"
},
{
"name" : "47986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47986"
},
{
"name" : "72750",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72750"
},
{
"name" : "44865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44865"
},
{
"name" : "unbound-dns-dos(67645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2011-7555",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html"
},
{
"name": "47986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47986"
},
{
"name": "44865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44865"
},
{
"name": "72750",
"refsource": "OSVDB",
"url": "http://osvdb.org/72750"
},
{
"name": "VU#531342",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/531342"
},
{
"name": "unbound-dns-dos(67645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645"
},
{
"name": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt",
"refsource": "CONFIRM",
"url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt"
}
]
}
}

150
2011/3xxx/CVE-2011-3167.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-3167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02712",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2"
},
{
"name" : "SSRT100649",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2"
},
{
"name" : "1026260",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026260"
},
{
"name" : "8484",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026260",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026260"
},
{
"name": "HPSBMU02712",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2"
},
{
"name": "8484",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8484"
},
{
"name": "SSRT100649",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2"
}
]
}
}

130
2011/3xxx/CVE-2011-3493.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/cogent_1-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/cogent_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf"
}
]
}
}

230
2011/3xxx/CVE-2011-3897.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=102242",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=102242"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html"
},
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "oval:org.mitre.oval:def:14250",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14250"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "46933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46933"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20113897-code-execution(73806)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73806"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=102242",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=102242"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "apple-webkit-cve20113897-code-execution(73806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73806"
},
{
"name": "46933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46933"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:14250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14250"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

140
2011/4xxx/CVE-2011-4309.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=188323",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=188323"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moodle.org/mod/forum/discuss.php?d=188323",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=188323"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444"
}
]
}
}

34
2011/4xxx/CVE-2011-4482.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4482",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4482",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2011/4xxx/CVE-2011-4583.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=191750",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=191750"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moodle.org/mod/forum/discuss.php?d=191750",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=191750"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1"
}
]
}
}

130
2011/4xxx/CVE-2011-4742.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
},
{
"name" : "plesk-mail-info-disclosure(72317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
},
{
"name": "plesk-mail-info-disclosure(72317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72317"
}
]
}
}

130
2011/4xxx/CVE-2011-4853.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html",
"refsource" : "MISC",
"url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html"
},
{
"name" : "plesk-rfc-info-disclosure(72094)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "plesk-rfc-info-disclosure(72094)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72094"
},
{
"name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html",
"refsource": "MISC",
"url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html"
}
]
}
}

190
2013/1xxx/CVE-2013-1964.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130418 Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/18/9"
},
{
"name" : "DSA-2666",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2666"
},
{
"name" : "FEDORA-2013-6723",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html"
},
{
"name" : "GLSA-201309-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name" : "SUSE-SU-2014:0446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name" : "59293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59293"
},
{
"name" : "1028459",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028459"
},
{
"name" : "55082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59293"
},
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "[oss-security] 20130418 Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/18/9"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "DSA-2666",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2666"
},
{
"name": "1028459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028459"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "FEDORA-2013-6723",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html"
}
]
}
}

34
2013/5xxx/CVE-2013-5077.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5077",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5077",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

270
2013/5xxx/CVE-2013-5612.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-5612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=871161",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=871161"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "FEDORA-2013-23127",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
},
{
"name" : "FEDORA-2013-23519",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2013:1812",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1812.html"
},
{
"name" : "openSUSE-SU-2014:0008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
},
{
"name" : "SUSE-SU-2013:1919",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:1916",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
},
{
"name" : "openSUSE-SU-2013:1917",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
},
{
"name" : "openSUSE-SU-2013:1918",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
},
{
"name" : "USN-2052-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2052-1"
},
{
"name" : "64205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64205"
},
{
"name" : "1029470",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029470"
},
{
"name" : "1029476",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64205"
},
{
"name": "SUSE-SU-2013:1919",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html"
},
{
"name": "FEDORA-2013-23127",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
},
{
"name": "FEDORA-2013-23519",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
},
{
"name": "1029470",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029470"
},
{
"name": "openSUSE-SU-2013:1917",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2013:1916",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
},
{
"name": "openSUSE-SU-2014:0008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
},
{
"name": "1029476",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029476"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=871161",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=871161"
},
{
"name": "openSUSE-SU-2013:1918",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
},
{
"name": "USN-2052-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2052-1"
},
{
"name": "RHSA-2013:1812",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1812.html"
}
]
}
}

150
2013/5xxx/CVE-2013-5996.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.ec-cube.net/open_trac/changeset/23275",
"refsource" : "CONFIRM",
"url" : "http://svn.ec-cube.net/open_trac/changeset/23275"
},
{
"name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=55",
"refsource" : "CONFIRM",
"url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
},
{
"name" : "JVN#06377589",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN06377589/index.html"
},
{
"name" : "JVNDB-2013-000107",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000107",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
},
{
"name": "JVN#06377589",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06377589/index.html"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=55",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23275",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23275"
}
]
}
}

140
2014/2xxx/CVE-2014-2065.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-2065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/02/21/2"
},
{
"name" : "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7",
"refsource" : "CONFIRM",
"url" : "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7"
},
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7",
"refsource": "CONFIRM",
"url": "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7"
},
{
"name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
}
]
}
}

180
2014/2xxx/CVE-2014-2286.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff",
"refsource" : "MISC",
"url" : "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2014-001.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-23340",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"name" : "FEDORA-2014-3762",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name" : "FEDORA-2014-3779",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
},
{
"name" : "MDVSA-2014:078",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name" : "66093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-23340",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html"
},
{
"name": "66093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66093"
},
{
"name": "MDVSA-2014:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078"
},
{
"name": "FEDORA-2014-3762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html"
},
{
"name": "FEDORA-2014-3779",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html"
}
]
}
}

140
2014/2xxx/CVE-2014-2405.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-2912",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2912"
},
{
"name" : "USN-2191-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name" : "58415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2191-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name": "DSA-2912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2912"
},
{
"name": "58415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58415"
}
]
}
}

150
2014/2xxx/CVE-2014-2558.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \\' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140429 Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/305"
},
{
"name" : "http://wordpress.org/plugins/file-gallery/changelog/",
"refsource" : "MISC",
"url" : "http://wordpress.org/plugins/file-gallery/changelog/"
},
{
"name" : "67120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67120"
},
{
"name" : "67183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \\' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/file-gallery/changelog/",
"refsource": "MISC",
"url": "http://wordpress.org/plugins/file-gallery/changelog/"
},
{
"name": "67120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67120"
},
{
"name": "20140429 Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/305"
},
{
"name": "67183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67183"
}
]
}
}

150
2014/2xxx/CVE-2014-2916.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html",
"refsource" : "MISC",
"url" : "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html"
},
{
"name" : "http://www.phplist.com/?lid=638",
"refsource" : "CONFIRM",
"url" : "http://www.phplist.com/?lid=638"
},
{
"name" : "1030191",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030191"
},
{
"name" : "57893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57893"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57893"
},
{
"name": "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html",
"refsource": "MISC",
"url": "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html"
},
{
"name": "http://www.phplist.com/?lid=638",
"refsource": "CONFIRM",
"url": "http://www.phplist.com/?lid=638"
},
{
"name": "1030191",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030191"
}
]
}
}

34
2014/6xxx/CVE-2014-6306.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6306",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6306",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/6xxx/CVE-2014-6719.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#418025",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/418025"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#418025",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/418025"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6784.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#515705",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/515705"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#515705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/515705"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6841.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#201457",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/201457"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#201457",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/201457"
}
]
}
}

140
2014/6xxx/CVE-2014-6925.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#625705",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/625705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#625705",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625705"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

210
2014/7xxx/CVE-2014-7935.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=402957",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=402957"
},
{
"name" : "https://codereview.chromium.org/692203002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/692203002"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=402957",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=402957"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "https://codereview.chromium.org/692203002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/692203002"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
}
]
}
}

34
2017/0xxx/CVE-2017-0187.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0187",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0187",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/0xxx/CVE-2017-0260.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Office 2013 Service Pack 1 Click-to-Run (C2R), Microsoft Office 2016 Click-to-Run (C2R), Windows 7, Windows Server 2008 and Windows Server 2008 R2."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2013 Service Pack 1 Click-to-Run (C2R), Microsoft Office 2016 Click-to-Run (C2R), Windows 7, Windows Server 2008 and Windows Server 2008 R2."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260"
},
{
"name" : "98810",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98810"
},
{
"name" : "1038668",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038668"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260"
},
{
"name": "98810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98810"
}
]
}
}

158
2017/0xxx/CVE-2017-0476.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96756"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96756"
}
]
}
}

146
2017/0xxx/CVE-2017-0527.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96949"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96949"
}
]
}
}

34
2017/0xxx/CVE-2017-0868.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-0868",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-0868",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

124
2017/1000xxx/CVE-2017-1000191.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.414395",
"ID" : "CVE-2017-1000191",
"REQUESTER" : "ydahhrk@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jool",
"version" : {
"version_data" : [
{
"version_value" : "3.5.0 - 3.5.1"
}
]
}
}
]
},
"vendor_name" : "NIC Mexico"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.414395",
"ID": "CVE-2017-1000191",
"REQUESTER": "ydahhrk@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/NICMx/Jool/issues/232",
"refsource" : "CONFIRM",
"url" : "https://github.com/NICMx/Jool/issues/232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NICMx/Jool/issues/232",
"refsource": "CONFIRM",
"url": "https://github.com/NICMx/Jool/issues/232"
}
]
}
}

130
2017/18xxx/CVE-2017-18331.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control on Access Control Module"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "106128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control on Access Control Module"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
}
]
}
}

34
2017/1xxx/CVE-2017-1021.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1021",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1021",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/1xxx/CVE-2017-1135.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1135",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1135",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

288
2017/1xxx/CVE-2017-1280.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00",
"ID" : "CVE-2017-1280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
},
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-28T00:00:00",
"ID": "CVE-2017-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
},
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www-prd-trops.events.ibm.com/node/715749",
"refsource" : "CONFIRM",
"url" : "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name" : "ibm-rqm-cve20171280-xss(124758)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name": "ibm-rqm-cve20171280-xss(124758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758"
}
]
}
}

34
2017/1xxx/CVE-2017-1578.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1578",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1578",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/4xxx/CVE-2017-4020.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4020",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4020",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

140
2017/4xxx/CVE-2017-4895.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"ID" : "CVE-2017-4895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Airwatch Agent",
"version" : {
"version_data" : [
{
"version_value" : "x.x"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Root detection bypass"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Airwatch Agent",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name" : "95892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95892"
},
{
"name" : "1037738",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Root detection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037738"
}
]
}
}

170
2017/5xxx/CVE-2017-5207.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170107 Re: Firejail local root exploit",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/07/6"
},
{
"name" : "https://firejail.wordpress.com/download-2/release-notes/",
"refsource" : "CONFIRM",
"url" : "https://firejail.wordpress.com/download-2/release-notes/"
},
{
"name" : "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc",
"refsource" : "CONFIRM",
"url" : "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc"
},
{
"name" : "https://github.com/netblue30/firejail/issues/1023",
"refsource" : "CONFIRM",
"url" : "https://github.com/netblue30/firejail/issues/1023"
},
{
"name" : "GLSA-201701-62",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-62"
},
{
"name" : "97385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97385"
},
{
"name": "GLSA-201701-62",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-62"
},
{
"name": "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc",
"refsource": "CONFIRM",
"url": "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc"
},
{
"name": "https://github.com/netblue30/firejail/issues/1023",
"refsource": "CONFIRM",
"url": "https://github.com/netblue30/firejail/issues/1023"
},
{
"name": "https://firejail.wordpress.com/download-2/release-notes/",
"refsource": "CONFIRM",
"url": "https://firejail.wordpress.com/download-2/release-notes/"
},
{
"name": "[oss-security] 20170107 Re: Firejail local root exploit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/07/6"
}
]
}
}

190
2017/5xxx/CVE-2017-5839.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777265",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777265"
},
{
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource" : "CONFIRM",
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name" : "DSA-3819",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3819"
},
{
"name" : "GLSA-201705-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-10"
},
{
"name" : "RHSA-2017:2060",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name" : "96001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96001"
},
{
"name": "DSA-3819",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3819"
},
{
"name": "RHSA-2017:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=777265",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=777265"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20170201 Multiple memory access issues in gstreamer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
}
]
}
}