admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:34:51 +00:00
parent 2b7773d758
commit c90c9e567f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3875 additions and 3875 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/2xxx/CVE-2006-2845.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2845", "ID": "CVE-2006-2845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060602 Redaxo CMS <= 3.2 Remote File Include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435733/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php."
{ }
"name" : "1861", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/1861" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18229", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18229" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2109", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2109" ]
}, },
{ "references": {
"name" : "1016213", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016213" "name": "1016213",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016213"
"name" : "20395", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20395" "name": "ADV-2006-2109",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2109"
"name" : "1043", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1043" "name": "redaxo-rex-file-include(26887)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26887"
"name" : "redaxo-rex-file-include(26887)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26887" "name": "18229",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18229"
} },
} {
"name": "20395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20395"
},
{
"name": "1861",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1861"
},
{
"name": "20060602 Redaxo CMS <= 3.2 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435733/100/0/threaded"
},
{
"name": "1043",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1043"
}
]
}
}

180
2006/3xxx/CVE-2006-3087.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3087", "ID": "CVE-2006-3087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/ezgallery-v15-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/ezgallery-v15-xss-vuln.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp."
{ }
"name" : "ADV-2006-2298", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/2298" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "26372", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26372" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26370", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26370" ]
}, },
{ "references": {
"name" : "26371", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26371" "name": "26371",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26371"
"name" : "20553", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20553" "name": "ADV-2006-2298",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2298"
"name" : "ezgallery-multiple-scripts-xss(27066)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27066" "name": "ezgallery-multiple-scripts-xss(27066)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27066"
} },
} {
"name": "26372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26372"
},
{
"name": "20553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20553"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ezgallery-v15-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ezgallery-v15-xss-vuln.html"
},
{
"name": "26370",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26370"
}
]
}
}

160
2006/3xxx/CVE-2006-3142.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3142", "ID": "CVE-2006-3142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060616 vbzoom V1.11 forum.php SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437575/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter."
{ }
"name" : "4140", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/4140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18472", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18472" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1122", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1122" ]
}, },
{ "references": {
"name" : "vbzoom-forum-sql-injection(27700)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27700" "name": "4140",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/4140"
} },
} {
"name": "vbzoom-forum-sql-injection(27700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27700"
},
{
"name": "20060616 vbzoom V1.11 forum.php SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437575/100/0/threaded"
},
{
"name": "1122",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1122"
},
{
"name": "18472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18472"
}
]
}
}

180
2006/3xxx/CVE-2006-3252.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3252", "ID": "CVE-2006-3252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060626 ERNW Security Advisory 01/2006", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438329/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request."
{ }
"name" : "18647", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18647" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2549", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2549" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016382", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016382" ]
}, },
{ "references": {
"name" : "20812", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20812" "name": "1152",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1152"
"name" : "1152", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1152" "name": "privatewire-registration-bo(27430)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27430"
"name" : "privatewire-registration-bo(27430)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27430" "name": "20060626 ERNW Security Advisory 01/2006",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/438329/100/0/threaded"
} },
} {
"name": "18647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18647"
},
{
"name": "1016382",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016382"
},
{
"name": "20812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20812"
},
{
"name": "ADV-2006-2549",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2549"
}
]
}
}

170
2006/3xxx/CVE-2006-3365.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3365", "ID": "CVE-2006-3365",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060617 V3Chat Instant Messenger - XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437755/100/200/threaded" "lang": "eng",
}, "value": "V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement."
{ }
"name" : "20060622 Re: V3Chat Instant Messenger - XSS", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/438069/100/200/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18543", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18543" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2474", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2474" ]
}, },
{ "references": {
"name" : "1016340", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016340" "name": "v3chat-index-path-disclosure(27395)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
"name" : "v3chat-index-path-disclosure(27395)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395" "name": "18543",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18543"
} },
} {
"name": "1016340",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016340"
},
{
"name": "20060617 V3Chat Instant Messenger - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
},
{
"name": "ADV-2006-2474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2474"
},
{
"name": "20060622 Re: V3Chat Instant Messenger - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
}
]
}
}

220
2006/3xxx/CVE-2006-3860.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3860", "ID": "CVE-2006-3860",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) \"SET DEBUG FILE\" SQL command, and the (2) start_onpload and (3) dbexp functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060814 Informix - Discovery, Attack and Defense", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded" "lang": "eng",
}, "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) \"SET DEBUG FILE\" SQL command, and the (2) start_onpload and (3) dbexp functions."
{ }
"name" : "20060814 Multiple Arbitrary Command Execution Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/443185/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", ]
"refsource" : "CONFIRM", }
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" ]
}, },
{ "references": {
"name" : "19264", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19264" "name": "27686",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27686"
"name" : "ADV-2006-3077", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3077" "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
}, "refsource": "CONFIRM",
{ "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
"name" : "27686", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27686" "name": "informix-sysmaster-command-execution(28121)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28121"
"name" : "21301", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21301" "name": "1407",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1407"
"name" : "1407", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1407" "name": "20060814 Informix - Discovery, Attack and Defense",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
"name" : "informix-setdebug-command-execution(28124)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28124" "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
}, "refsource": "MISC",
{ "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
"name" : "informix-sysmaster-command-execution(28121)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28121" "name": "informix-setdebug-command-execution(28124)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28124"
} },
} {
"name": "21301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21301"
},
{
"name": "19264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19264"
},
{
"name": "20060814 Multiple Arbitrary Command Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443185/100/0/threaded"
},
{
"name": "ADV-2006-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3077"
}
]
}
}

350
2006/6xxx/CVE-2006-6172.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6172", "ID": "CVE-2006-6172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655" "lang": "eng",
}, "value": "Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches."
{ }
"name" : "http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff", ]
"refsource" : "MISC", },
"url" : "http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=468432", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=468432" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.mplayerhq.hu/design7/news.html#vuln14", ]
"refsource" : "CONFIRM", }
"url" : "http://www.mplayerhq.hu/design7/news.html#vuln14" ]
}, },
{ "references": {
"name" : "DSA-1244", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1244" "name": "23512",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23512"
"name" : "GLSA-200612-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200612-02.xml" "name": "25555",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25555"
"name" : "GLSA-200702-11", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200702-11.xml" "name": "24336",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24336"
"name" : "MDKSA-2006:224", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:224" "name": "24339",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24339"
"name" : "MDKSA-2007:112", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:112" "name": "https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655",
}, "refsource": "MISC",
{ "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655"
"name" : "SSA:2006-357-05", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842" "name": "SSA:2006-357-05",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842"
"name" : "SUSE-SR:2006:028", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_28_sr.html" "name": "23242",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23242"
"name" : "USN-392-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-392-1" "name": "GLSA-200612-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200612-02.xml"
"name" : "21435", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21435" "name": "http://sourceforge.net/project/shownotes.php?release_id=468432",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=468432"
"name" : "ADV-2006-4824", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4824" "name": "23567",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23567"
"name" : "23218", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23218" "name": "SUSE-SR:2006:028",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html"
"name" : "23242", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23242" "name": "GLSA-200702-11",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200702-11.xml"
"name" : "23249", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23249" "name": "USN-392-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-392-1"
"name" : "23301", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23301" "name": "23249",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23249"
"name" : "23335", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23335" "name": "23335",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23335"
"name" : "23512", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23512" "name": "21435",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21435"
"name" : "23567", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23567" "name": "http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff",
}, "refsource": "MISC",
{ "url": "http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff"
"name" : "24336", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24336" "name": "MDKSA-2006:224",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:224"
"name" : "24339", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24339" "name": "MDKSA-2007:112",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:112"
"name" : "25555", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25555" "name": "23218",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/23218"
} },
} {
"name": "DSA-1244",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1244"
},
{
"name": "http://www.mplayerhq.hu/design7/news.html#vuln14",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/design7/news.html#vuln14"
},
{
"name": "ADV-2006-4824",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4824"
},
{
"name": "23301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23301"
}
]
}
}

150
2006/6xxx/CVE-2006-6577.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6577", "ID": "CVE-2006-6577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061130 LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/453134/100/200/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "21366", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21366" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2037", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2037" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ldu-polls-sql-injection(30616)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30616" ]
} },
] "references": {
} "reference_data": [
} {
"name": "21366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21366"
},
{
"name": "ldu-polls-sql-injection(30616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30616"
},
{
"name": "20061130 LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453134/100/200/threaded"
},
{
"name": "2037",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2037"
}
]
}
}

140
2006/6xxx/CVE-2006-6726.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6726", "ID": "CVE-2006-6726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2976", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2976" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter."
{ }
"name" : "21713", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21713" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-5130", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/5130" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5130",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5130"
},
{
"name": "2976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2976"
},
{
"name": "21713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21713"
}
]
}
}

120
2006/6xxx/CVE-2006-6948.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6948", "ID": "CVE-2006-6948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#30994815", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/jp/JVN%2330994815/index.html" "lang": "eng",
} "value": "MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#30994815",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2330994815/index.html"
}
]
}
}

150
2006/7xxx/CVE-2006-7085.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7085", "ID": "CVE-2006-7085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060719 Multiple Vulnerabilities RPS", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html" "lang": "eng",
}, "value": "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely."
{ }
"name" : "28640", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/28640" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2322", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2322" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "rps-addart-xss(39972)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060719 Multiple Vulnerabilities RPS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"
},
{
"name": "28640",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28640"
},
{
"name": "rps-addart-xss(39972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972"
},
{
"name": "2322",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2322"
}
]
}
}

34
2011/0xxx/CVE-2011-0365.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0365", "ID": "CVE-2011-0365",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2011/0xxx/CVE-2011-0422.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0422", "ID": "CVE-2011-0422",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2011/0xxx/CVE-2011-0736.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0736", "ID": "CVE-2011-0736",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110128 Vulnerabilities in Adobe ColdFusion", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html" "lang": "eng",
}, "value": "** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Settings sections of the ColdFusion Lockdown guide explain the requirement for settings that prevent this information disclosure."
{ }
"name" : "http://websecurity.com.ua/4879/", ]
"refsource" : "MISC", },
"url" : "http://websecurity.com.ua/4879/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70780", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70780" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "70780",
"refsource": "OSVDB",
"url": "http://osvdb.org/70780"
},
{
"name": "http://websecurity.com.ua/4879/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4879/"
},
{
"name": "20110128 Vulnerabilities in Adobe ColdFusion",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html"
}
]
}
}

120
2011/0xxx/CVE-2011-0820.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0820", "ID": "CVE-2011-0820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" "lang": "eng",
} "value": "Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

270
2011/1xxx/CVE-2011-1138.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1138", "ID": "CVE-2011-1138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36036", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36036" "lang": "eng",
}, "value": "Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet."
{ }
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722" ]
}, },
{ "references": {
"name" : "FEDORA-2011-2620", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" "name": "openSUSE-SU-2011:0347",
}, "refsource": "SUSE",
{ "url": "https://hermes.opensuse.org/messages/8086844"
"name" : "FEDORA-2011-2632", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" "name": "43759",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43759"
"name" : "FEDORA-2011-2648", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" "name": "FEDORA-2011-2648",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html"
"name" : "openSUSE-SU-2011:0347", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/8086844" "name": "oval:org.mitre.oval:def:16299",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16299"
"name" : "VU#215900", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/215900" "name": "FEDORA-2011-2620",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html"
"name" : "46636", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46636" "name": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36036",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36036"
"name" : "oval:org.mitre.oval:def:16299", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16299" "name": "44169",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44169"
"name" : "1025148", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025148" "name": "ADV-2011-0626",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0626"
"name" : "44169", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44169" "name": "VU#215900",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/215900"
"name" : "43759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43759" "name": "46636",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46636"
"name" : "ADV-2011-0626", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0626" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html"
"name" : "wireshark6lowpan-bo(65783)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65783" "name": "FEDORA-2011-2632",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html"
} },
} {
"name": "http://www.wireshark.org/security/wnpa-sec-2011-04.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-04.html"
},
{
"name": "wireshark6lowpan-bo(65783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65783"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722"
},
{
"name": "1025148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025148"
}
]
}
}

170
2011/1xxx/CVE-2011-1149.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1149", "ID": "CVE-2011-1149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html" "lang": "eng",
}, "value": "Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK."
{ }
"name" : "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2", ]
"refsource" : "MISC", },
"url" : "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e", ]
"refsource" : "CONFIRM", }
"url" : "http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e" ]
}, },
{ "references": {
"name" : "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca" "name": "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca",
}, "refsource": "CONFIRM",
{ "url": "http://android.git.kernel.org/?p=platform/system/core.git;a=commit;h=25b15be9120bcdaa0aba622c67ad2c835d9e91ca"
"name" : "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971", },
"refsource" : "CONFIRM", {
"url" : "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971" "name": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971",
} "refsource": "CONFIRM",
] "url": "http://groups.google.com/group/android-security-discuss/browse_thread/thread/15f97658c88d6827/e86db04652651971?show_docid=e86db04652651971"
} },
} {
"name": "http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e",
"refsource": "CONFIRM",
"url": "http://android.git.kernel.org/?p=kernel/common.git;a=commit;h=c98a285075f26e2b17a5baa2cb3eb6356a75597e"
},
{
"name": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html",
"refsource": "MISC",
"url": "http://c-skills.blogspot.com/2011/01/adb-trickery-again.html"
},
{
"name": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2",
"refsource": "MISC",
"url": "https://github.com/tmzt/g2root-kmod/tree/scotty2/scotty2"
},
{
"name": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2",
"refsource": "MISC",
"url": "http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2"
}
]
}
}

220
2011/1xxx/CVE-2011-1157.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1157", "ID": "CVE-2011-1157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments."
{ }
"name" : "[oss-security] 20110314 CVE request for python-feedparser", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/03/14/18" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110315 Re: CVE request for python-feedparser", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/03/15/11" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.novell.com/security/cve/CVE-2011-1157.html", ]
"refsource" : "CONFIRM", }
"url" : "http://support.novell.com/security/cve/CVE-2011-1157.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=680074", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=680074" "name": "[oss-security] 20110314 CVE request for python-feedparser",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/03/14/18"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684877", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684877" "name": "https://code.google.com/p/feedparser/issues/detail?id=254",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/feedparser/issues/detail?id=254"
"name" : "https://code.google.com/p/feedparser/issues/detail?id=254", },
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/p/feedparser/issues/detail?id=254" "name": "43730",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43730"
"name" : "MDVSA-2011:082", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:082" "name": "http://support.novell.com/security/cve/CVE-2011-1157.html",
}, "refsource": "CONFIRM",
{ "url": "http://support.novell.com/security/cve/CVE-2011-1157.html"
"name" : "46867", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46867" "name": "46867",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46867"
"name" : "43730", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43730" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=684877",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684877"
"name" : "44074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44074" "name": "44074",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/44074"
} },
} {
"name": "[oss-security] 20110315 Re: CVE request for python-feedparser",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/15/11"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=680074",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=680074"
},
{
"name": "MDVSA-2011:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:082"
}
]
}
}

210
2011/1xxx/CVE-2011-1785.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1785", "ID": "CVE-2011-1785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517739/100/0/threaded" "lang": "eng",
}, "value": "VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic."
{ }
"name" : "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", ]
"refsource" : "MLIST", },
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000133.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://kb.vmware.com/kb/1035108", "description": [
"refsource" : "CONFIRM", {
"url" : "http://kb.vmware.com/kb/1035108" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0007.html" ]
}, },
{ "references": {
"name" : "47627", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47627" "name": "1025452",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025452"
"name" : "72118", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/72118" "name": "http://kb.vmware.com/kb/1035108",
}, "refsource": "CONFIRM",
{ "url": "http://kb.vmware.com/kb/1035108"
"name" : "oval:org.mitre.oval:def:13242", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13242" "name": "oval:org.mitre.oval:def:13242",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13242"
"name" : "1025452", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025452" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
"name" : "8240", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8240" "name": "47627",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47627"
"name" : "vmware-esxserver-socket-dos(67195)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67195" "name": "vmware-esxserver-socket-dos(67195)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67195"
} },
} {
"name": "72118",
"refsource": "OSVDB",
"url": "http://osvdb.org/72118"
},
{
"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
},
{
"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
},
{
"name": "8240",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8240"
}
]
}
}

150
2011/1xxx/CVE-2011-1836.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2011-1836", "ID": "CVE-2011-1836",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=729465", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=729465" "lang": "eng",
}, "value": "utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process."
{ }
"name" : "https://launchpad.net/ecryptfs/+download", ]
"refsource" : "CONFIRM", },
"url" : "https://launchpad.net/ecryptfs/+download" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2011:0898", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1188-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1188-1" ]
} },
] "references": {
} "reference_data": [
} {
"name": "SUSE-SU-2011:0898",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
},
{
"name": "https://launchpad.net/ecryptfs/+download",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ecryptfs/+download"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
}
]
}
}

150
2011/3xxx/CVE-2011-3017.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3017", "ID": "CVE-2011-3017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=108695", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=108695" "lang": "eng",
}, "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14667", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14667" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48016", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48016" ]
} },
] "references": {
} "reference_data": [
} {
"name": "oval:org.mitre.oval:def:14667",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14667"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=108695",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=108695"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"
},
{
"name": "48016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48016"
}
]
}
}

140
2011/3xxx/CVE-2011-3823.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3823", "ID": "CVE-2011-3823",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yamamah_1.0", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yamamah_1.0" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yamamah_1.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yamamah_1.0"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

150
2011/3xxx/CVE-2011-3984.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2011-3984", "ID": "CVE-2011-3984",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to \"web form entries.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#80971236", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN80971236/index.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to \"web form entries.\""
{ }
"name" : "JVNDB-2011-000082", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000082" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76403", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/76403" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webforum-unspecified-xss(70468)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70468" ]
} },
] "references": {
} "reference_data": [
} {
"name": "JVNDB-2011-000082",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000082"
},
{
"name": "76403",
"refsource": "OSVDB",
"url": "http://osvdb.org/76403"
},
{
"name": "webforum-unspecified-xss(70468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70468"
},
{
"name": "JVN#80971236",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80971236/index.html"
}
]
}
}

34
2011/4xxx/CVE-2011-4117.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4117", "ID": "CVE-2011-4117",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

220
2011/4xxx/CVE-2011-4131.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4131", "ID": "CVE-2011-4131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111111 Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/11/12/1" "lang": "eng",
}, "value": "The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bf118a342f10dafe44b14451a1392c3254629a1f", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bf118a342f10dafe44b14451a1392c3254629a1f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747106", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747106" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f" "name": "SUSE-SU-2012:0554",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
"name" : "FEDORA-2012-8359", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html" "name": "48898",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48898"
"name" : "RHSA-2012:0862", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0862.html" "name": "[oss-security] 20111111 Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/11/12/1"
"name" : "RHSA-2012:1541", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1541.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=747106",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747106"
"name" : "openSUSE-SU-2013:0925", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bf118a342f10dafe44b14451a1392c3254629a1f",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bf118a342f10dafe44b14451a1392c3254629a1f"
"name" : "SUSE-SU-2012:0554", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" "name": "RHSA-2012:1541",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1541.html"
"name" : "48898", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48898" "name": "FEDORA-2012-8359",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html"
} },
} {
"name": "openSUSE-SU-2013:0925",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "RHSA-2012:0862",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0862.html"
},
{
"name": "https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
}
]
}
}

34
2011/4xxx/CVE-2011-4657.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4657", "ID": "CVE-2011-4657",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2011/4xxx/CVE-2011-4735.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4735", "ID": "CVE-2011-4735",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files."
{ }
"name" : "VU#541814", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/541814" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "plesk-multiple-xss(72324)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72324" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#541814",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/541814"
},
{
"name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html"
},
{
"name": "plesk-multiple-xss(72324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72324"
}
]
}
}

140
2013/5xxx/CVE-2013-5025.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5025", "ID": "CVE-2013-5025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local example files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument" "lang": "eng",
}, "value": "An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local example files."
{ }
"name" : "http://digital.ni.com/public.nsf/websearch/DFFB9F8AD5014E9586257B36004F6E5D?OpenDocument", ]
"refsource" : "CONFIRM", },
"url" : "http://digital.ni.com/public.nsf/websearch/DFFB9F8AD5014E9586257B36004F6E5D?OpenDocument" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://digital.ni.com/public.nsf/allkb/493D011EE5C305FD86257BCF006C8540?OpenDocument", "description": [
"refsource" : "CONFIRM", {
"url" : "http://digital.ni.com/public.nsf/allkb/493D011EE5C305FD86257BCF006C8540?OpenDocument" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://digital.ni.com/public.nsf/websearch/DFFB9F8AD5014E9586257B36004F6E5D?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/DFFB9F8AD5014E9586257B36004F6E5D?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/allkb/493D011EE5C305FD86257BCF006C8540?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/493D011EE5C305FD86257BCF006C8540?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}

120
2013/5xxx/CVE-2013-5186.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5186", "ID": "CVE-2013-5186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2013-10-22-3", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" "lang": "eng",
} "value": "Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
}
]
}
}

34
2013/5xxx/CVE-2013-5608.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5608", "ID": "CVE-2013-5608",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/5xxx/CVE-2013-5638.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5638", "ID": "CVE-2013-5638",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/2xxx/CVE-2014-2377.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-2377", "ID": "CVE-2014-2377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01" "lang": "eng",
} "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
}
]
}
}

120
2014/2xxx/CVE-2014-2717.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2717", "ID": "CVE-2014-2717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01" "lang": "eng",
} "value": "Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01"
}
]
}
}

34
2014/2xxx/CVE-2014-2837.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2837", "ID": "CVE-2014-2837",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2014/6xxx/CVE-2014-6077.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6077", "ID": "CVE-2014-6077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
{ }
"name" : "IV67358", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV67581", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ibm-sam-cve20146077-csrf(95730)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95730" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475"
},
{
"name": "IV67358",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358"
},
{
"name": "ibm-sam-cve20146077-csrf(95730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95730"
},
{
"name": "IV67581",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581"
}
]
}
}

34
2014/6xxx/CVE-2014-6246.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6246", "ID": "CVE-2014-6246",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2014/6xxx/CVE-2014-6312.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6312", "ID": "CVE-2014-6312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34762", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34762" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php."
{ }
"name" : "20140917 CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do (WordPress plugin)", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Sep/58" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do", "description": [
"refsource" : "MISC", {
"url" : "https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wordpress.org/plugins/login-sidebar-widget/changelog", ]
"refsource" : "CONFIRM", }
"url" : "https://wordpress.org/plugins/login-sidebar-widget/changelog" ]
}, },
{ "references": {
"name" : "111700", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/111700" "name": "20140917 CSRF/XSS vulnerablity in Login Widget With Shortcode allows unauthenticated attackers to do anything an admin can do (WordPress plugin)",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2014/Sep/58"
"name" : "111757", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/111757" "name": "34762",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/34762"
} },
} {
"name": "https://wordpress.org/plugins/login-sidebar-widget/changelog",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/login-sidebar-widget/changelog"
},
{
"name": "https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/csrfxss-vulnerablity-in-login-widget-with-shortcode-allows-unauthenticated-attackers-to-do-anything-an-admin-can-do"
},
{
"name": "111757",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/111757"
},
{
"name": "111700",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/111700"
}
]
}
}

34
2014/6xxx/CVE-2014-6615.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6615", "ID": "CVE-2014-6615",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7334.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7334", "ID": "CVE-2014-7334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#396025", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/396025" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#396025",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/396025"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7520.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7520", "ID": "CVE-2014-7520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#422425", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/422425" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#422425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/422425"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/7xxx/CVE-2014-7913.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-7913", "ID": "CVE-2014-7913",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0" "lang": "eng",
}, "value": "The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message."
{ }
"name" : "1033124", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033124" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033124"
},
{
"name": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0"
}
]
}
}

140
2017/0xxx/CVE-2017-0034.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0034", "ID": "CVE-2017-0034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Edge", "product_name": "Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Edge" "version_value": "Edge"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0034", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0034" "lang": "eng",
}, "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
{ }
"name" : "96786", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96786" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038006", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038006" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0034",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0034"
},
{
"name": "96786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96786"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}

150
2017/0xxx/CVE-2017-0072.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0072", "ID": "CVE-2017-0072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Uniscribe", "product_name": "Windows Uniscribe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Uniscribe Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41654", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41654/" "lang": "eng",
}, "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Uniscribe Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96599", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96599" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1037992", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037992" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41654",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41654/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072"
},
{
"name": "96599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96599"
},
{
"name": "1037992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037992"
}
]
}
}

140
2017/0xxx/CVE-2017-0150.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0150", "ID": "CVE-2017-0150",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Browser", "product_name": "Browser",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Browser" "version_value": "Browser"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0150", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0150" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151."
{ }
"name" : "96725", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96725" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038006", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038006" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0150",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0150"
},
{
"name": "96725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96725"
}
]
}
}

130
2017/0xxx/CVE-2017-0616.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0616", "ID": "CVE-2017-0616",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160."
{ }
"name" : "98189", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98189" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98189"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

174
2017/0xxx/CVE-2017-0738.json
View File

@ -1,89 +1,89 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-08-07T00:00:00", "DATE_PUBLIC": "2017-08-07T00:00:00",
"ID" : "CVE-2017-0738", "ID": "CVE-2017-0738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.4.4" "version_value": "4.4.4"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-08-01" "lang": "eng",
}, "value": "A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371."
{ }
"name" : "100204", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100204" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100204"
},
{
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
}
]
}
}

168
2017/0xxx/CVE-2017-0784.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00", "DATE_PUBLIC": "2017-09-05T00:00:00",
"ID" : "CVE-2017-0784", "ID": "CVE-2017-0784",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-09-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-09-01" "lang": "eng",
}, "value": "A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958."
{ }
"name" : "100671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100671"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}
}

120
2017/18xxx/CVE-2017-18024.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18024", "ID": "CVE-2017-18024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html" "lang": "eng",
} "value": "AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html"
}
]
}
}

140
2017/18xxx/CVE-2017-18349.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18349", "ID": "CVE-2017-18349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://fortiguard.com/encyclopedia/ips/44059", "description_data": [
"refsource" : "MISC", {
"url" : "https://fortiguard.com/encyclopedia/ips/44059" "lang": "eng",
}, "value": "parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java."
{ }
"name" : "https://github.com/alibaba/fastjson/wiki/security_update_20170315", ]
"refsource" : "MISC", },
"url" : "https://github.com/alibaba/fastjson/wiki/security_update_20170315" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/pippo-java/pippo/issues/466", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/pippo-java/pippo/issues/466" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/encyclopedia/ips/44059",
"refsource": "MISC",
"url": "https://fortiguard.com/encyclopedia/ips/44059"
},
{
"name": "https://github.com/alibaba/fastjson/wiki/security_update_20170315",
"refsource": "MISC",
"url": "https://github.com/alibaba/fastjson/wiki/security_update_20170315"
},
{
"name": "https://github.com/pippo-java/pippo/issues/466",
"refsource": "MISC",
"url": "https://github.com/pippo-java/pippo/issues/466"
}
]
}
}

34
2017/1xxx/CVE-2017-1586.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1586", "ID": "CVE-2017-1586",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2017/1xxx/CVE-2017-1628.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-11-10T00:00:00", "DATE_PUBLIC": "2017-11-10T00:00:00",
"ID" : "CVE-2017-1628", "ID": "CVE-2017-1628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Business Process Manager", "product_name": "Business Process Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.6.0.0" "version_value": "8.6.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133126", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133126" "lang": "eng",
}, "value": "IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009496", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101900", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101900" "lang": "eng",
}, "value": "Denial of Service"
{ }
"name" : "1039777", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039777" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133126",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133126"
},
{
"name": "101900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101900"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009496",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009496"
},
{
"name": "1039777",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039777"
}
]
}
}

34
2017/1xxx/CVE-2017-1817.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1817", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1817",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1943.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1943", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1943",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

284
2017/5xxx/CVE-2017-5436.json
View File

@ -1,144 +1,144 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-5436", "ID": "CVE-2017-5436",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.1" "version_value": "52.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "45.9" "version_value": "45.9"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.1" "version_value": "52.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "53" "version_value": "53"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write with malicious font in Graphite 2"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461" "lang": "eng",
}, "value": "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" "lang": "eng",
}, "value": "Out-of-bounds write with malicious font in Graphite 2"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" ]
}, },
{ "references": {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" "name": "RHSA-2017:1106",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1106"
"name" : "DSA-3831", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-3831" "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
"name" : "GLSA-201706-25", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-25" "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
"name" : "RHSA-2017:1104", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1104" "name": "GLSA-201706-25",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201706-25"
"name" : "RHSA-2017:1106", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1106" "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
"name" : "RHSA-2017:1201", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1201" "name": "97940",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97940"
"name" : "97940", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97940" "name": "DSA-3831",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-3831"
"name" : "1038320", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038320" "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
} },
} {
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "RHSA-2017:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345461"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}

236
2017/5xxx/CVE-2017-5451.json
View File

@ -1,120 +1,120 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-5451", "ID": "CVE-2017-5451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.1" "version_value": "52.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.1" "version_value": "52.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "53" "version_value": "53"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Addressbar spoofing with onblur event"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537" "lang": "eng",
}, "value": "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" "lang": "eng",
}, "value": "Addressbar spoofing with onblur event"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" ]
}, },
{ "references": {
"name" : "RHSA-2017:1106", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1106" "name": "RHSA-2017:1106",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1106"
"name" : "RHSA-2017:1201", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1201" "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
"name" : "97940", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97940" "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
"name" : "1038320", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038320" "name": "97940",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/97940"
} },
} {
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273537"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}

34
2017/5xxx/CVE-2017-5716.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-5716", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-5716",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12865. Reason: This candidate is a reservation duplicate of CVE-2017-12865. Notes: All CVE users should reference CVE-2017-12865 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12865. Reason: This candidate is a reservation duplicate of CVE-2017-12865. Notes: All CVE users should reference CVE-2017-12865 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2017/5xxx/CVE-2017-5760.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5760", "ID": "CVE-2017-5760",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/5xxx/CVE-2017-5880.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5880", "ID": "CVE-2017-5880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.splunk.com/view/SP-CAAAPW8", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAPW8" "lang": "eng",
} "value": "Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.splunk.com/view/SP-CAAAPW8",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAPW8"
}
]
}
}