admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:21:09 +00:00
parent fa11ae80e9
commit d6022390be
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3446 additions and 3446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

310
2006/0xxx/CVE-2006-0188.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0188", "ID": "CVE-2006-0188",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.squirrelmail.org/security/issue/2006-02-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.squirrelmail.org/security/issue/2006-02-01" "lang": "eng",
}, "value": "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS."
{ }
"name" : "DSA-988", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-988" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2006-133", "description": [
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200603-09", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" ]
}, },
{ "references": {
"name" : "MDKSA-2006:049", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" "name": "MDKSA-2006:049",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049"
"name" : "RHSA-2006:0283", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0283.html" "name": "RHSA-2006:0283",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html"
"name" : "20060501-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" "name": "19176",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19176"
"name" : "SUSE-SR:2006:005", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" "name": "squirrelmail-webmail-xss(24847)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847"
"name" : "16756", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16756" "name": "FEDORA-2006-133",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html"
"name" : "oval:org.mitre.oval:def:10419", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" "name": "SUSE-SR:2006:005",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
"name" : "ADV-2006-0689", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0689" "name": "20210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20210"
"name" : "1015662", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015662" "name": "oval:org.mitre.oval:def:10419",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419"
"name" : "18985", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18985" "name": "ADV-2006-0689",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0689"
"name" : "19131", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19131" "name": "18985",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18985"
"name" : "19130", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19130" "name": "19205",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19205"
"name" : "19176", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19176" "name": "http://www.squirrelmail.org/security/issue/2006-02-01",
}, "refsource": "CONFIRM",
{ "url": "http://www.squirrelmail.org/security/issue/2006-02-01"
"name" : "19205", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19205" "name": "19960",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19960"
"name" : "19960", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19960" "name": "16756",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16756"
"name" : "20210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20210" "name": "19130",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19130"
"name" : "squirrelmail-webmail-xss(24847)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" "name": "20060501-01-U",
} "refsource": "SGI",
] "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
} },
} {
"name": "DSA-988",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-988"
},
{
"name": "19131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19131"
},
{
"name": "GLSA-200603-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml"
},
{
"name": "1015662",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015662"
}
]
}
}

210
2006/0xxx/CVE-2006-0993.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0993", "ID": "CVE-2006-0993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060509 ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/433432/100/0/threaded" "lang": "eng",
}, "value": "The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.3com.com/securityalert/alerts/3COM-06-002.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.3com.com/securityalert/alerts/3COM-06-002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17935", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17935" ]
}, },
{ "references": {
"name" : "ADV-2006-1752", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1752" "name": "20060509 ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/433432/100/0/threaded"
"name" : "25360", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25360" "name": "17935",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17935"
"name" : "1016051", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016051" "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html"
"name" : "20058", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20058" "name": "20058",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20058"
"name" : "870", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/870" "name": "tippingpoint-sms-information-disclosure(26338)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26338"
"name" : "tippingpoint-sms-information-disclosure(26338)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26338" "name": "http://www.3com.com/securityalert/alerts/3COM-06-002.html",
} "refsource": "CONFIRM",
] "url": "http://www.3com.com/securityalert/alerts/3COM-06-002.html"
} },
} {
"name": "1016051",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016051"
},
{
"name": "870",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/870"
},
{
"name": "25360",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25360"
},
{
"name": "ADV-2006-1752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1752"
}
]
}
}

180
2006/3xxx/CVE-2006-3095.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3095", "ID": "CVE-2006-3095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm."
{ }
"name" : "18460", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18460" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2382", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2382" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26522", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26522" ]
}, },
{ "references": {
"name" : "26523", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26523" "name": "26523",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26523"
"name" : "20697", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20697" "name": "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html",
}, "refsource": "MISC",
{ "url": "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html"
"name" : "ipostmx-returnurl-xss(27140)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27140" "name": "20697",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20697"
} },
} {
"name": "ADV-2006-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2382"
},
{
"name": "18460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18460"
},
{
"name": "26522",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26522"
},
{
"name": "ipostmx-returnurl-xss(27140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27140"
}
]
}
}

190
2006/3xxx/CVE-2006-3123.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2006-3123", "ID": "CVE-2006-3123",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076" "lang": "eng",
}, "value": "Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1138", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1138" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19320", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19320" ]
}, },
{ "references": {
"name" : "ADV-2006-3157", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3157" "name": "DSA-1138",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1138"
"name" : "21310", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21310" "name": "21341",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21341"
"name" : "21341", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21341" "name": "ADV-2006-3157",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3157"
"name" : "cfs-dodecrypt-dodencrypt-dos(28288)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28288" "name": "19320",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19320"
} },
} {
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076"
},
{
"name": "21310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21310"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076"
},
{
"name": "cfs-dodecrypt-dodencrypt-dos(28288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28288"
}
]
}
}

160
2006/3xxx/CVE-2006-3994.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3994", "ID": "CVE-2006-3994",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2105", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2105" "lang": "eng",
}, "value": "SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme."
{ }
"name" : "19280", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19280" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3088", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3088" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21293", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21293" ]
}, },
{ "references": {
"name" : "xmb-u2uincphp-sql-injection(28159)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28159" "name": "21293",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21293"
} },
} {
"name": "19280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19280"
},
{
"name": "xmb-u2uincphp-sql-injection(28159)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28159"
},
{
"name": "2105",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2105"
},
{
"name": "ADV-2006-3088",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3088"
}
]
}
}

200
2006/4xxx/CVE-2006-4398.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4398", "ID": "CVE-2006-4398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=304829", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=304829" "lang": "eng",
}, "value": "Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests."
{ }
"name" : "APPLE-SA-2006-11-28", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA06-333A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#800296", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/800296" ]
}, },
{ "references": {
"name" : "21335", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21335" "name": "ADV-2006-4750",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4750"
"name" : "ADV-2006-4750", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4750" "name": "http://docs.info.apple.com/article.html?artnum=304829",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=304829"
"name" : "30738", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30738" "name": "21335",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21335"
"name" : "1017301", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017301" "name": "23155",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23155"
"name" : "23155", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23155" "name": "30738",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/30738"
} },
} {
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "VU#800296",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800296"
},
{
"name": "1017301",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017301"
}
]
}
}

190
2006/4xxx/CVE-2006-4856.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4856", "ID": "CVE-2006-4856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060915 Roller Weblogger XSS vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446133/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do."
{ }
"name" : "http://opensource.atlassian.com/projects/roller/browse/ROL-1196", ]
"refsource" : "MISC", },
"url" : "http://opensource.atlassian.com/projects/roller/browse/ROL-1196" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz", "description": [
"refsource" : "MISC", {
"url" : "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#366900", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/366900" ]
}, },
{ "references": {
"name" : "20045", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20045" "name": "20060915 Roller Weblogger XSS vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/446133/100/0/threaded"
"name" : "ADV-2006-3667", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3667" "name": "ADV-2006-3667",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3667"
"name" : "21964", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21964" "name": "20045",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20045"
"name" : "1597", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1597" "name": "1597",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1597"
} },
} {
"name": "21964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21964"
},
{
"name": "VU#366900",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/366900"
},
{
"name": "http://opensource.atlassian.com/projects/roller/browse/ROL-1196",
"refsource": "MISC",
"url": "http://opensource.atlassian.com/projects/roller/browse/ROL-1196"
},
{
"name": "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz",
"refsource": "MISC",
"url": "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz"
}
]
}
}

130
2006/4xxx/CVE-2006-4981.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4981", "ID": "CVE-2006-4981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060919 White paper release: Bypassing network access control (NAC) systems", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446421/100/0/threaded" "lang": "eng",
}, "value": "Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs)."
{ }
"name" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060919 White paper release: Bypassing network access control (NAC) systems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446421/100/0/threaded"
},
{
"name": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf"
}
]
}
}

140
2006/6xxx/CVE-2006-6073.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6073", "ID": "CVE-2006-6073",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061113 ECommerce Store Shop Builder", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=116353137028066&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp."
{ }
"name" : "http://aria-security.net/advisory/eShopping.txt", ]
"refsource" : "MISC", },
"url" : "http://aria-security.net/advisory/eShopping.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "eshoppingcart-product-sql-injection(30262)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20061113 ECommerce Store Shop Builder",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116353137028066&w=2"
},
{
"name": "eshoppingcart-product-sql-injection(30262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262"
},
{
"name": "http://aria-security.net/advisory/eShopping.txt",
"refsource": "MISC",
"url": "http://aria-security.net/advisory/eShopping.txt"
}
]
}
}

140
2006/6xxx/CVE-2006-6632.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6632", "ID": "CVE-2006-6632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2539", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2539" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter."
{ }
"name" : "20510", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20510" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "genepi-genepi-file-include(29518)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29518" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20510"
},
{
"name": "genepi-genepi-file-include(29518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29518"
},
{
"name": "2539",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2539"
}
]
}
}

210
2006/6xxx/CVE-2006-6701.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6701", "ID": "CVE-2006-6701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/458109/100/100/threaded" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail."
{ }
"name" : "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0512.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.netragard.com/html/recent_research.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.netragard.com/html/recent_research.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt", ]
"refsource" : "MISC", }
"url" : "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt" ]
}, },
{ "references": {
"name" : "http://terra.calacode.com/mail/docs/changelog.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://terra.calacode.com/mail/docs/changelog.html" "name": "http://terra.calacode.com/mail/docs/changelog.html",
}, "refsource": "CONFIRM",
{ "url": "http://terra.calacode.com/mail/docs/changelog.html"
"name" : "ADV-2007-1864", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1864" "name": "25328",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25328"
"name" : "1017435", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017435" "name": "@mail-unspecified-csrf(31259)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31259"
"name" : "23472", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23472" "name": "ADV-2007-1864",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1864"
"name" : "25328", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25328" "name": "1017435",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017435"
"name" : "@mail-unspecified-csrf(31259)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31259" "name": "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0512.html"
} },
} {
"name": "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458109/100/100/threaded"
},
{
"name": "http://www.netragard.com/html/recent_research.html",
"refsource": "MISC",
"url": "http://www.netragard.com/html/recent_research.html"
},
{
"name": "23472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23472"
},
{
"name": "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt",
"refsource": "MISC",
"url": "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt"
}
]
}
}

270
2006/7xxx/CVE-2006-7250.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-7250", "ID": "CVE-2006-7250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=openssl-dev&m=115685408414194&w=2" "lang": "eng",
}, "value": "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message."
{ }
"name" : "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers", ]
"refsource" : "MLIST", },
"url" : "http://www.mail-archive.com/openssl-dev@openssl.org/msg30305.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/02/27/10" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/02/28/14" ]
}, },
{ "references": {
"name" : "http://cvs.openssl.org/chngview?cn=22144", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.openssl.org/chngview?cn=22144" "name": "https://bugzilla.novell.com/show_bug.cgi?id=748738",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.novell.com/show_bug.cgi?id=748738"
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=748738", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=748738" "name": "48516",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48516"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=798100", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=798100" "name": "48899",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48899"
"name" : "HPSBUX02782", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" "name": "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=openssl-dev&m=115685408414194&w=2"
"name" : "SSRT100844", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" "name": "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers",
}, "refsource": "MLIST",
{ "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg30305.html"
"name" : "RHSA-2009:1335", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1335.html" "name": "RHSA-2009:1335",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
"name" : "USN-1424-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1424-1" "name": "52181",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52181"
"name" : "52181", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52181" "name": "36533",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36533"
"name" : "48516", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48516" "name": "USN-1424-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1424-1"
"name" : "48899", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48899" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=798100",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798100"
"name" : "36533", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36533" "name": "http://cvs.openssl.org/chngview?cn=22144",
}, "refsource": "CONFIRM",
{ "url": "http://cvs.openssl.org/chngview?cn=22144"
"name" : "48153", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48153" "name": "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/02/27/10"
} },
} {
"name": "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/28/14"
},
{
"name": "48153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48153"
},
{
"name": "HPSBUX02782",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2"
},
{
"name": "SSRT100844",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2"
}
]
}
}

34
2010/2xxx/CVE-2010-2247.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2247", "ID": "CVE-2010-2247",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2010/2xxx/CVE-2010-2556.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-2556", "ID": "CVE-2010-2556",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-053", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\""
{ }
"name" : "TA10-222A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:11994", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11994" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
},
{
"name": "oval:org.mitre.oval:def:11994",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11994"
}
]
}
}

170
2010/2xxx/CVE-2010-2719.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2719", "ID": "CVE-2010-2719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14199", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14199" "lang": "eng",
}, "value": "SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "41341", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41341" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65994", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/65994" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40450", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/40450" ]
}, },
{ "references": {
"name" : "ADV-2010-1690", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1690" "name": "65994",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/65994"
"name" : "phpaacms-show-sql-injection(60075)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60075" "name": "ADV-2010-1690",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/1690"
} },
} {
"name": "40450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40450"
},
{
"name": "phpaacms-show-sql-injection(60075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60075"
},
{
"name": "41341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41341"
},
{
"name": "14199",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14199"
}
]
}
}

130
2010/2xxx/CVE-2010-2837.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2010-2837", "ID": "CVE-2010-2837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml" "lang": "eng",
}, "value": "The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310."
{ }
"name" : "ADV-2010-2187", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2010/2187" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2187"
},
{
"name": "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml"
}
]
}
}

170
2011/0xxx/CVE-2011-0225.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-0225", "ID": "CVE-2011-0225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4808", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4808" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
{ }
"name" : "http://support.apple.com/kb/HT4981", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4981" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4999", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4999" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-07-20-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2011-10-11-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" "name": "http://support.apple.com/kb/HT4981",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4981"
"name" : "APPLE-SA-2011-10-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" "name": "APPLE-SA-2011-10-12-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
} },
} {
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

150
2011/0xxx/CVE-2011-0724.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2011-0724", "ID": "CVE-2011-0724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "USN-1061-1", "description_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1061-1" "lang": "eng",
}, "value": "The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges."
{ }
"name" : "46346", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/46346" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2011-0378", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0378" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "italc-keys-security-bypass(65389)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65389" ]
} },
] "references": {
} "reference_data": [
} {
"name": "USN-1061-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1061-1"
},
{
"name": "italc-keys-security-bypass(65389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65389"
},
{
"name": "46346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46346"
},
{
"name": "ADV-2011-0378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0378"
}
]
}
}

34
2011/1xxx/CVE-2011-1133.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1133", "ID": "CVE-2011-1133",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2011/1xxx/CVE-2011-1701.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1701", "ID": "CVE-2011-1701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110606 ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518269/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url."
{ }
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-174/", ]
"refsource" : "MISC", },
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-174/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", "description": [
"refsource" : "CONFIRM", {
"url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723", ]
"refsource" : "CONFIRM", }
"url" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723" ]
}, },
{ "references": {
"name" : "48124", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48124" "name": "1025606",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025606"
"name" : "1025606", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025606" "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~",
}, "refsource": "CONFIRM",
{ "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~"
"name" : "44811", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44811" "name": "44811",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44811"
"name" : "novell-iprint-profilename-bo(67876)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67876" "name": "48124",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/48124"
} },
} {
"name": "novell-iprint-profilename-bo(67876)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67876"
},
{
"name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-174/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-174/"
},
{
"name": "20110606 ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518269/100/0/threaded"
}
]
}
}

130
2011/4xxx/CVE-2011-4216.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4216", "ID": "CVE-2011-4216",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#275036", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/275036" "lang": "eng",
}, "value": "Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document."
{ }
"name" : "slimpdf-write-operations-code-exec(71100)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71100" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "slimpdf-write-operations-code-exec(71100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71100"
},
{
"name": "VU#275036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/275036"
}
]
}
}

150
2011/4xxx/CVE-2011-4718.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4718", "ID": "CVE-2011-4718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.php.net/bug.php?id=60491", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.php.net/bug.php?id=60491" "lang": "eng",
}, "value": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."
{ }
"name" : "https://wiki.php.net/rfc/strict_sessions", ]
"refsource" : "MISC", },
"url" : "https://wiki.php.net/rfc/strict_sessions" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde", ]
"refsource" : "CONFIRM", }
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde"
},
{
"name": "https://wiki.php.net/rfc/strict_sessions",
"refsource": "MISC",
"url": "https://wiki.php.net/rfc/strict_sessions"
},
{
"name": "https://bugs.php.net/bug.php?id=60491",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=60491"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f"
}
]
}
}

120
2011/5xxx/CVE-2011-5313.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5313", "ID": "CVE-2011-5313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB22804", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB22804" "lang": "eng",
} "value": "Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22804",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22804"
}
]
}
}

170
2014/3xxx/CVE-2014-3335.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3335", "ID": "CVE-2014-3335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416" "lang": "eng",
}, "value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750."
{ }
"name" : "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69383", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69383" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030757", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030757" ]
}, },
{ "references": {
"name" : "60222", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60222" "name": "ciscoios-cve20143335-dos(95443)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443"
"name" : "ciscoios-cve20143335-dos(95443)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443" "name": "69383",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/69383"
} },
} {
"name": "60222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60222"
},
{
"name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416"
},
{
"name": "1030757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030757"
}
]
}
}

34
2014/3xxx/CVE-2014-3590.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3590", "ID": "CVE-2014-3590",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/3xxx/CVE-2014-3921.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3921", "ID": "CVE-2014-3921",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter."
{ }
"name" : "67562", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67562" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html"
},
{
"name": "67562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67562"
}
]
}
}

130
2014/3xxx/CVE-2014-3935.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3935", "ID": "CVE-2014-3935",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/126701", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126701" "lang": "eng",
}, "value": "SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter."
{ }
"name" : "67460", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67460" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67460"
},
{
"name": "http://packetstormsecurity.com/files/126701",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126701"
}
]
}
}

34
2014/6xxx/CVE-2014-6067.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6067", "ID": "CVE-2014-6067",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

250
2014/6xxx/CVE-2014-6429.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6429", "ID": "CVE-2014-6429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2014-19.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2014-19.html" "lang": "eng",
}, "value": "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://linux.oracle.com/errata/ELSA-2014-1676", ]
"refsource" : "CONFIRM", }
"url" : "http://linux.oracle.com/errata/ELSA-2014-1676" ]
}, },
{ "references": {
"name" : "http://linux.oracle.com/errata/ELSA-2014-1677", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://linux.oracle.com/errata/ELSA-2014-1677" "name": "http://linux.oracle.com/errata/ELSA-2014-1676",
}, "refsource": "CONFIRM",
{ "url": "http://linux.oracle.com/errata/ELSA-2014-1676"
"name" : "DSA-3049", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3049" "name": "61933",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61933"
"name" : "RHSA-2014:1676", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1676.html" "name": "openSUSE-SU-2014:1249",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html"
"name" : "RHSA-2014:1677", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1677.html" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461"
"name" : "SUSE-SU-2014:1221", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" "name": "http://www.wireshark.org/security/wnpa-sec-2014-19.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2014-19.html"
"name" : "openSUSE-SU-2014:1249", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" "name": "RHSA-2014:1677",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1677.html"
"name" : "60578", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60578" "name": "RHSA-2014:1676",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1676.html"
"name" : "60280", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60280" "name": "DSA-3049",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3049"
"name" : "61929", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61929" "name": "SUSE-SU-2014:1221",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html"
"name" : "61933", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61933" "name": "60280",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/60280"
} },
} {
"name": "60578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60578"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1677",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1677"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2"
},
{
"name": "61929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61929"
}
]
}
}

140
2014/6xxx/CVE-2014-6695.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6695", "ID": "CVE-2014-6695",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#217649", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/217649" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#217649",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/217649"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6828.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6828", "ID": "CVE-2014-6828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#321665", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/321665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#321665",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321665"
}
]
}
}

140
2014/7xxx/CVE-2014-7068.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7068", "ID": "CVE-2014-7068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#234545", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/234545" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#234545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/234545"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7120.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7120", "ID": "CVE-2014-7120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#775657", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/775657" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#775657",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/775657"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7147.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7147", "ID": "CVE-2014-7147",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/7xxx/CVE-2014-7296.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7296", "ID": "CVE-2014-7296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://spagoworld.org/jira/browse/SPAGOBI-1885", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://spagoworld.org/jira/browse/SPAGOBI-1885" "lang": "eng",
}, "value": "The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document."
{ }
"name" : "70240", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70240" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://spagoworld.org/jira/browse/SPAGOBI-1885",
"refsource": "CONFIRM",
"url": "http://spagoworld.org/jira/browse/SPAGOBI-1885"
},
{
"name": "70240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70240"
}
]
}
}

34
2014/7xxx/CVE-2014-7355.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7355", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7355",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

140
2014/8xxx/CVE-2014-8018.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-8018", "ID": "CVE-2014-8018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141222 Cisco Unified Communications Domain Manager XSS Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661."
{ }
"name" : "71771", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/71771" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031424", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031424" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20141222 Cisco Unified Communications Domain Manager XSS Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018"
},
{
"name": "1031424",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031424"
},
{
"name": "71771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71771"
}
]
}
}

160
2014/8xxx/CVE-2014-8589.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8589", "ID": "CVE-2014-8589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" "lang": "eng",
}, "value": "Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests."
{ }
"name" : "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/", ]
"refsource" : "MISC", },
"url" : "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", "description": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://service.sap.com/sap/support/notes/2037492", ]
"refsource" : "CONFIRM", }
"url" : "https://service.sap.com/sap/support/notes/2037492" ]
}, },
{ "references": {
"name" : "https://twitter.com/SAP_Gsupport/status/522779507372339200", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://twitter.com/SAP_Gsupport/status/522779507372339200" "name": "https://twitter.com/SAP_Gsupport/status/522779507372339200",
} "refsource": "CONFIRM",
] "url": "https://twitter.com/SAP_Gsupport/status/522779507372339200"
} },
} {
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name": "https://service.sap.com/sap/support/notes/2037492",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/2037492"
}
]
}
}

130
2016/2xxx/CVE-2016-2449.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2449", "ID": "CVE-2016-2449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-05-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-05-01.html" "lang": "eng",
}, "value": "services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353"
}
]
}
}

34
2016/2xxx/CVE-2016-2637.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2637", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2637",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2670.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2670", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2670",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2747.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2747", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2747",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2017/18xxx/CVE-2017-18295.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2017-18295", "ID": "CVE-2017-18295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20" "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in DSP Services"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" "lang": "eng",
}, "value": "Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20."
{ }
"name" : "https://www.qualcomm.com/company/product-security/bulletins", ]
"refsource" : "CONFIRM", },
"url" : "https://www.qualcomm.com/company/product-security/bulletins" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041432", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041432" "lang": "eng",
} "value": "Buffer Copy Without Checking Size of Input in DSP Services"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
}
]
}
}

34
2017/1xxx/CVE-2017-1404.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1404", "ID": "CVE-2017-1404",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

208
2017/1xxx/CVE-2017-1411.json
View File

@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-01T00:00:00", "DATE_PUBLIC": "2018-08-01T00:00:00",
"ID" : "CVE-2017-1411", "ID": "CVE-2017-1411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Identity Governance and Intelligence", "product_name": "Security Identity Governance and Intelligence",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.2" "version_value": "5.2"
}, },
{ {
"version_value" : "5.2.1" "version_value": "5.2.1"
}, },
{ {
"version_value" : "5.2.2" "version_value": "5.2.2"
}, },
{ {
"version_value" : "5.2.2.1" "version_value": "5.2.2.1"
}, },
{ {
"version_value" : "5.2.3" "version_value": "5.2.3"
}, },
{ {
"version_value" : "5.2.3.1" "version_value": "5.2.3.1"
}, },
{ {
"version_value" : "5.2.3.2" "version_value": "5.2.3.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869" "lang": "eng",
}, "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399."
{ }
"name" : "ibm-sig-cve20171411-info-disc(127399)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.900",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sig-cve20171411-info-disc(127399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22016869",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22016869"
}
]
}
}

34
2017/1xxx/CVE-2017-1587.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1587", "ID": "CVE-2017-1587",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

288
2017/1xxx/CVE-2017-1608.json
View File

@ -1,146 +1,146 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00", "DATE_PUBLIC": "2018-06-28T00:00:00",
"ID" : "CVE-2017-1608", "ID": "CVE-2017-1608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Quality Manager", "product_name": "Rational Quality Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
}, },
{ {
"product_name" : "Rational Collaborative Lifecycle Management", "product_name": "Rational Collaborative Lifecycle Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www-prd-trops.events.ibm.com/node/715749", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www-prd-trops.events.ibm.com/node/715749" "lang": "eng",
}, "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928."
{ }
"name" : "ibm-rqm-cve20171608-xss(132928)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name": "ibm-rqm-cve20171608-xss(132928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928"
}
]
}
}

34
2017/1xxx/CVE-2017-1816.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1816", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1816",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/1xxx/CVE-2017-1966.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1966", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1966",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

140
2017/5xxx/CVE-2017-5003.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-5003", "ID": "CVE-2017-5003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels", "product_name": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels" "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/archive/1/540693/30/0/threaded", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.securityfocus.com/archive/1/540693/30/0/threaded" "lang": "eng",
}, "value": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system."
{ }
"name" : "98974", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98974" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038648", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038648" "lang": "eng",
} "value": "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038648"
},
{
"name": "98974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98974"
},
{
"name": "http://www.securityfocus.com/archive/1/540693/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540693/30/0/threaded"
}
]
}
}

34
2017/5xxx/CVE-2017-5714.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5714", "ID": "CVE-2017-5714",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/5xxx/CVE-2017-5953.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5953", "ID": "CVE-2017-5953",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d" "lang": "eng",
}, "value": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."
{ }
"name" : "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", ]
"refsource" : "CONFIRM", },
"url" : "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3786", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3786" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201706-26", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201706-26" ]
}, },
{ "references": {
"name" : "96217", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96217" "name": "GLSA-201706-26",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201706-26"
} },
} {
"name": "96217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96217"
},
{
"name": "DSA-3786",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3786"
},
{
"name": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d",
"refsource": "CONFIRM",
"url": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d"
},
{
"name": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY"
}
]
}
}