admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:50:46 +00:00
parent 6145cac304
commit dc830214b8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4232 additions and 4232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

240
2006/0xxx/CVE-2006-0848.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0848", "ID": "CVE-2006-0848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Open 'safe' files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html" "lang": "eng",
}, "value": "The \"Open 'safe' files after downloading\" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension."
{ }
"name" : "http://www.heise.de/english/newsticker/news/69862", ]
"refsource" : "MISC", },
"url" : "http://www.heise.de/english/newsticker/news/69862" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://docs.info.apple.com/article.html?artnum=303382", "description": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=303382" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA06-053A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-053A.html" ]
}, },
{ "references": {
"name" : "TA06-062A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html" "name": "18963",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18963"
"name" : "VU#999708", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/999708" "name": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html",
}, "refsource": "MISC",
{ "url": "http://www.mathematik.uni-ulm.de/numerik/staff/lehn/macosx.html"
"name" : "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php", },
"refsource" : "MISC", {
"url" : "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php" "name": "VU#999708",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/999708"
"name" : "16736", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16736" "name": "16736",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16736"
"name" : "ADV-2006-0671", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0671" "name": "1015652",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015652"
"name" : "23510", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23510" "name": "TA06-053A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-053A.html"
"name" : "1015652", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015652" "name": "ADV-2006-0671",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0671"
"name" : "18963", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18963" "name": "TA06-062A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
"name" : "macosx-zip-command-execution(24808)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808" "name": "http://www.heise.de/english/newsticker/news/69862",
} "refsource": "MISC",
] "url": "http://www.heise.de/english/newsticker/news/69862"
} },
} {
"name": "23510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23510"
},
{
"name": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php",
"refsource": "MISC",
"url": "http://www.frsirt.com/exploits/20060222.safari_safefiles_exec.pm.php"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303382",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303382"
},
{
"name": "macosx-zip-command-execution(24808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24808"
}
]
}
}

190
2006/0xxx/CVE-2006-0875.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0875", "ID": "CVE-2006-0875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060222 [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425775/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter."
{ }
"name" : "http://kapda.ir/advisory-267.html", ]
"refsource" : "MISC", },
"url" : "http://kapda.ir/advisory-267.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16769", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16769" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0694", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0694" ]
}, },
{ "references": {
"name" : "23388", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23388" "name": "1015663",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015663"
"name" : "1015663", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015663" "name": "16769",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16769"
"name" : "18997", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18997" "name": "http://kapda.ir/advisory-267.html",
}, "refsource": "MISC",
{ "url": "http://kapda.ir/advisory-267.html"
"name" : "runcms-ratefile-xss(24871)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24871" "name": "18997",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18997"
} },
} {
"name": "20060222 [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425775/100/0/threaded"
},
{
"name": "23388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23388"
},
{
"name": "runcms-ratefile-xss(24871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24871"
},
{
"name": "ADV-2006-0694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0694"
}
]
}
}

140
2006/3xxx/CVE-2006-3196.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3196", "ID": "CVE-2006-3196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060618 singapore gallery <= 0.10.0 Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437716/100/0/threaded" "lang": "eng",
}, "value": "index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message."
{ }
"name" : "1135", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/1135" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "singapore-index-path-disclosure(27323)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27323" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "singapore-index-path-disclosure(27323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27323"
},
{
"name": "1135",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1135"
},
{
"name": "20060618 singapore gallery <= 0.10.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437716/100/0/threaded"
}
]
}
}

170
2006/3xxx/CVE-2006-3346.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3346", "ID": "CVE-2006-3346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060630 MyNewsGroups<<--v. 0.6 \"tree.php\" SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438814/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter."
{ }
"name" : "18757", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18757" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2629", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2629" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20915", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20915" ]
}, },
{ "references": {
"name" : "1182", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1182" "name": "ADV-2006-2629",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2629"
"name" : "mynewsgroups-tree-sql-injection(27492)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27492" "name": "1182",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1182"
} },
} {
"name": "20060630 MyNewsGroups<<--v. 0.6 \"tree.php\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438814/100/0/threaded"
},
{
"name": "18757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18757"
},
{
"name": "mynewsgroups-tree-sql-injection(27492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27492"
},
{
"name": "20915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20915"
}
]
}
}

190
2006/3xxx/CVE-2006-3502.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3502", "ID": "CVE-2006-3502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2006-08-01", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" "lang": "eng",
}, "value": "Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled."
{ }
"name" : "TA06-214A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#651844", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/651844" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19289", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19289" ]
}, },
{ "references": {
"name" : "ADV-2006-3101", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3101" "name": "APPLE-SA-2006-08-01",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
"name" : "27741", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27741" "name": "ADV-2006-3101",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3101"
"name" : "21253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21253" "name": "21253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21253"
"name" : "macosx-imageio-gif-code-execution(28144)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144" "name": "19289",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19289"
} },
} {
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "macosx-imageio-gif-code-execution(28144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28144"
},
{
"name": "VU#651844",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/651844"
},
{
"name": "27741",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27741"
}
]
}
}

190
2006/3xxx/CVE-2006-3678.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3678", "ID": "CVE-2006-3678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to \"force the device into layer 2 fallback (L2FB)\", causing a denial of service (page fault), via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060724 [CYBSEC] TippingPoint detection bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440944/100/0/threaded" "lang": "eng",
}, "value": "TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to \"force the device into layer 2 fallback (L2FB)\", causing a denial of service (page fault), via a malformed packet."
{ }
"name" : "http://www.3com.com/securityalert/alerts/3COM-06-003.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.3com.com/securityalert/alerts/3COM-06-003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19125", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19125" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2956", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2956" ]
}, },
{ "references": {
"name" : "1016562", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016562" "name": "http://www.3com.com/securityalert/alerts/3COM-06-003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.3com.com/securityalert/alerts/3COM-06-003.html"
"name" : "21154", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21154" "name": "ADV-2006-2956",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2956"
"name" : "1286", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1286" "name": "1286",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1286"
"name" : "tippingpoint-ips-pagefault-detection-bypass(27934)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27934" "name": "19125",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19125"
} },
} {
"name": "1016562",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016562"
},
{
"name": "20060724 [CYBSEC] TippingPoint detection bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440944/100/0/threaded"
},
{
"name": "21154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21154"
},
{
"name": "tippingpoint-ips-pagefault-detection-bypass(27934)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27934"
}
]
}
}

180
2006/4xxx/CVE-2006-4358.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4358", "ID": "CVE-2006-4358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060821 DieselPay &#304;ndex.php Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0416.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter."
{ }
"name" : "19623", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19623" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3344", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3344" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28074", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/28074" ]
}, },
{ "references": {
"name" : "21588", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21588" "name": "dieselpay-index-xss(28496)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28496"
"name" : "1459", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1459" "name": "19623",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19623"
"name" : "dieselpay-index-xss(28496)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28496" "name": "20060821 DieselPay &#304;ndex.php Cross-Site Scripting Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0416.html"
} },
} {
"name": "ADV-2006-3344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3344"
},
{
"name": "21588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21588"
},
{
"name": "28074",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28074"
},
{
"name": "1459",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1459"
}
]
}
}

240
2006/4xxx/CVE-2006-4385.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4385", "ID": "CVE-2006-4385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060913 Multiple Vulnerabilities in Apple QuickTime", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445888/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image."
{ }
"name" : "http://docs.info.apple.com/article.html?artnum=304357", ]
"refsource" : "CONFIRM", },
"url" : "http://docs.info.apple.com/article.html?artnum=304357" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2006-09-12", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200803-08", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200803-08.xml" ]
}, },
{ "references": {
"name" : "VU#308204", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/308204" "name": "20060913 Multiple Vulnerabilities in Apple QuickTime",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/445888/100/0/threaded"
"name" : "19976", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19976" "name": "28768",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28768"
"name" : "ADV-2006-3577", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3577" "name": "1016830",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016830"
"name" : "28768", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28768" "name": "21893",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21893"
"name" : "1016830", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016830" "name": "19976",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19976"
"name" : "21893", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21893" "name": "GLSA-200803-08",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
"name" : "29182", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29182" "name": "quicktime-sgi-buffer-overflow(28932)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28932"
"name" : "1554", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1554" "name": "1554",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1554"
"name" : "quicktime-sgi-buffer-overflow(28932)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28932" "name": "http://docs.info.apple.com/article.html?artnum=304357",
} "refsource": "CONFIRM",
] "url": "http://docs.info.apple.com/article.html?artnum=304357"
} },
} {
"name": "APPLE-SA-2006-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00000.html"
},
{
"name": "ADV-2006-3577",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3577"
},
{
"name": "VU#308204",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/308204"
},
{
"name": "29182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29182"
}
]
}
}

160
2006/4xxx/CVE-2006-4471.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4471", "ID": "CVE-2006-4471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.joomla.org/content/view/1841/78/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.joomla.org/content/view/1841/78/" "lang": "eng",
}, "value": "The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors."
{ }
"name" : "http://www.joomla.org/content/view/1843/74/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.joomla.org/content/view/1843/74/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3408", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3408" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21666", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21666" ]
}, },
{ "references": {
"name" : "joomla-administratorindex-error(28630)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28630" "name": "ADV-2006-3408",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3408"
} },
} {
"name": "http://www.joomla.org/content/view/1841/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1841/78/"
},
{
"name": "21666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21666"
},
{
"name": "http://www.joomla.org/content/view/1843/74/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1843/74/"
},
{
"name": "joomla-administratorindex-error(28630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28630"
}
]
}
}

34
2006/4xxx/CVE-2006-4515.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4515", "ID": "CVE-2006-4515",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2006/4xxx/CVE-2006-4788.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4788", "ID": "CVE-2006-4788",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to \"yes\", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2354", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2354" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to \"yes\", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter."
{ }
"name" : "http://www.telekorn.com/forum/showthread.php?t=1427", ]
"refsource" : "CONFIRM", },
"url" : "http://www.telekorn.com/forum/showthread.php?t=1427" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3570", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3570" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21878", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21878" ]
}, },
{ "references": {
"name" : "signkorn-log-file-include(28888)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28888" "name": "signkorn-log-file-include(28888)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28888"
} },
} {
"name": "http://www.telekorn.com/forum/showthread.php?t=1427",
"refsource": "CONFIRM",
"url": "http://www.telekorn.com/forum/showthread.php?t=1427"
},
{
"name": "ADV-2006-3570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3570"
},
{
"name": "21878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21878"
},
{
"name": "2354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2354"
}
]
}
}

160
2006/6xxx/CVE-2006-6064.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6064", "ID": "CVE-2006-6064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596" "lang": "eng",
}, "value": "Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages."
{ }
"name" : "21217", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21217" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4637", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4637" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22977", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22977" ]
}, },
{ "references": {
"name" : "fuzzball-muck-mpi-bo(30448)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30448" "name": "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596",
} "refsource": "CONFIRM",
] "url": "http://sourceforge.net/project/shownotes.php?release_id=465373&group_id=1596"
} },
} {
"name": "22977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22977"
},
{
"name": "fuzzball-muck-mpi-bo(30448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30448"
},
{
"name": "ADV-2006-4637",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4637"
},
{
"name": "21217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21217"
}
]
}
}

130
2006/6xxx/CVE-2006-6550.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6550", "ID": "CVE-2006-6550",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2894", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2894" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use."
{ }
"name" : "phorum-dbfile-file-include(30741)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30741" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2894",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2894"
},
{
"name": "phorum-dbfile-file-include(30741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30741"
}
]
}
}

160
2006/7xxx/CVE-2006-7017.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7017", "ID": "CVE-2006-7017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php."
{ }
"name" : "1016330", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1016330" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18752", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18752" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2252", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2252" ]
}, },
{ "references": {
"name" : "indexu-admintemplatepath-file-include(27262)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262" "name": "18752",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18752"
} },
} {
"name": "indexu-admintemplatepath-file-include(27262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262"
},
{
"name": "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html"
},
{
"name": "2252",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2252"
},
{
"name": "1016330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1016330"
}
]
}
}

170
2006/7xxx/CVE-2006-7025.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7025", "ID": "CVE-2006-7025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060420 Sql Injection in BookMark4u", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=114555163911635&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter."
{ }
"name" : "20070222 Source verify and clarification of old bookmark4u SQL injection", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2007-February/001373.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1456", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1456" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24795", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/24795" ]
}, },
{ "references": {
"name" : "19758", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19758" "name": "ADV-2006-1456",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1456"
"name" : "bookmark4u-config-sql-injection(25956)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956" "name": "24795",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/24795"
} },
} {
"name": "bookmark4u-config-sql-injection(25956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25956"
},
{
"name": "19758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19758"
},
{
"name": "20070222 Source verify and clarification of old bookmark4u SQL injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-February/001373.html"
},
{
"name": "20060420 Sql Injection in BookMark4u",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=114555163911635&w=2"
}
]
}
}

120
2010/2xxx/CVE-2010-2382.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-2382", "ID": "CVE-2010-2382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
} "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

210
2010/2xxx/CVE-2010-2489.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2489", "ID": "CVE-2010-2489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/07/02/1" "lang": "eng",
}, "value": "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files."
{ }
"name" : "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/07/02/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out", "description": [
"refsource" : "MLIST", {
"url" : "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog" ]
}, },
{ "references": {
"name" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog" "name": "66040",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/66040"
"name" : "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", },
"refsource" : "CONFIRM", {
"url" : "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/" "name": "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/02/10"
"name" : "41321", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41321" "name": "40442",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40442"
"name" : "66040", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/66040" "name": "ruby-argfinplacemode-bo(60135)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135"
"name" : "40442", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40442" "name": "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/02/1"
"name" : "ruby-argfinplacemode-bo(60135)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135" "name": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog",
} "refsource": "CONFIRM",
] "url": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog"
} },
} {
"name": "41321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41321"
},
{
"name": "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out",
"refsource": "MLIST",
"url": "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html"
},
{
"name": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog"
},
{
"name": "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/"
}
]
}
}

170
2010/2xxx/CVE-2010-2659.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2659", "ID": "CVE-2010-2659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/mac/1052/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/1052/" "lang": "eng",
}, "value": "Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site."
{ }
"name" : "http://www.opera.com/docs/changelogs/unix/1060/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/docs/changelogs/unix/1060/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/1050/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/1050/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.opera.com/support/search/view/959/", ]
"refsource" : "CONFIRM", }
"url" : "http://www.opera.com/support/search/view/959/" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:11096", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11096" "name": "ADV-2010-1673",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1673"
"name" : "ADV-2010-1673", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1673" "name": "http://www.opera.com/docs/changelogs/windows/1050/",
} "refsource": "CONFIRM",
] "url": "http://www.opera.com/docs/changelogs/windows/1050/"
} },
} {
"name": "http://www.opera.com/docs/changelogs/mac/1052/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1052/"
},
{
"name": "oval:org.mitre.oval:def:11096",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11096"
},
{
"name": "http://www.opera.com/support/search/view/959/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/959/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
}
]
}
}

140
2010/3xxx/CVE-2010-3535.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3535", "ID": "CVE-2010-3535",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024572", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024572" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
},
{
"name": "1024572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024572"
}
]
}
}

200
2010/3xxx/CVE-2010-3591.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3591", "ID": "CVE-2010-3591",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110125 [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/515959/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Internal Operations. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll)."
{ }
"name" : "16055", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/16055" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dsecrg.com/pages/vul/show.php?id=305", "description": [
"refsource" : "MISC", {
"url" : "http://dsecrg.com/pages/vul/show.php?id=305" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" ]
}, },
{ "references": {
"name" : "45851", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45851" "name": "ADV-2011-0143",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0143"
"name" : "1024981", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024981" "name": "16055",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/16055"
"name" : "42976", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42976" "name": "http://dsecrg.com/pages/vul/show.php?id=305",
}, "refsource": "MISC",
{ "url": "http://dsecrg.com/pages/vul/show.php?id=305"
"name" : "ADV-2011-0143", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0143" "name": "1024981",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024981"
"name" : "oracle-document-internaloperations-code-exec(64768)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64768" "name": "20110125 [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/515959/100/0/threaded"
} },
} {
"name": "oracle-document-internaloperations-code-exec(64768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64768"
},
{
"name": "42976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42976"
},
{
"name": "45851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45851"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}

130
2010/3xxx/CVE-2010-3739.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3739", "ID": "CVE-2010-3739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" "lang": "eng",
}, "value": "The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery."
{ }
"name" : "JR34218", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JR34218",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
}
]
}
}

190
2011/0xxx/CVE-2011-0405.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0405", "ID": "CVE-2011-0405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15913", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15913" "lang": "eng",
}, "value": "Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter."
{ }
"name" : "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "45674", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/45674" ]
}, },
{ "references": {
"name" : "70295", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70295" "name": "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059"
"name" : "42786", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42786" "name": "ADV-2011-0036",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0036"
"name" : "ADV-2011-0036", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0036" "name": "70295",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/70295"
"name" : "phpgedview-module-file-include(64733)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64733" "name": "15913",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/15913"
} },
} {
"name": "phpgedview-module-file-include(64733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64733"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081"
},
{
"name": "42786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42786"
},
{
"name": "45674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45674"
}
]
}
}

210
2011/0xxx/CVE-2011-0482.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0482", "ID": "CVE-2011-0482",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=68178", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=68178" "lang": "eng",
}, "value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2188", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2011/dsa-2188" ]
}, },
{ "references": {
"name" : "SUSE-SR:2011:009", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" "name": "SUSE-SR:2011:009",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
"name" : "45788", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45788" "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
"name" : "70465", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70465" "name": "chrome-anchors-dos(64673)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64673"
"name" : "oval:org.mitre.oval:def:14662", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14662" "name": "45788",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45788"
"name" : "42951", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42951" "name": "oval:org.mitre.oval:def:14662",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14662"
"name" : "chrome-anchors-dos(64673)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64673" "name": "http://code.google.com/p/chromium/issues/detail?id=68178",
} "refsource": "CONFIRM",
] "url": "http://code.google.com/p/chromium/issues/detail?id=68178"
} },
} {
"name": "70465",
"refsource": "OSVDB",
"url": "http://osvdb.org/70465"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name": "DSA-2188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2188"
},
{
"name": "42951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42951"
}
]
}
}

34
2011/0xxx/CVE-2011-0906.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0906", "ID": "CVE-2011-0906",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2011/0xxx/CVE-2011-0970.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0970", "ID": "CVE-2011-0970",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2011/1xxx/CVE-2011-1112.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1112", "ID": "CVE-2011-1112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=70244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=70244" "lang": "eng",
}, "value": "Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46614", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46614" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14648", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14648" ]
}, },
{ "references": {
"name" : "google-chrome-svgcontent-code-exec(65730)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65730" "name": "oval:org.mitre.oval:def:14648",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14648"
} },
} {
"name": "46614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46614"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=70244",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=70244"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
},
{
"name": "google-chrome-svgcontent-code-exec(65730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65730"
}
]
}
}

300
2011/1xxx/CVE-2011-1783.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1783", "ID": "CVE-2011-1783",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt" "lang": "eng",
}, "value": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data."
{ }
"name" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", ]
"refsource" : "CONFIRM", },
"url" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=709112", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=709112" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5130", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5130" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-02-01-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "name": "DSA-2251",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2251"
"name" : "DSA-2251", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2251" "name": "USN-1144-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1144-1"
"name" : "FEDORA-2011-8341", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" "name": "http://support.apple.com/kb/HT5130",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5130"
"name" : "FEDORA-2011-8352", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" "name": "MDVSA-2011:106",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106"
"name" : "MDVSA-2011:106", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" "name": "44849",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44849"
"name" : "RHSA-2011:0862", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0862.html" "name": "RHSA-2011:0862",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0862.html"
"name" : "USN-1144-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1144-1" "name": "FEDORA-2011-8341",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html"
"name" : "48091", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48091" "name": "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt",
}, "refsource": "CONFIRM",
{ "url": "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt"
"name" : "oval:org.mitre.oval:def:18889", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889" "name": "oval:org.mitre.oval:def:18889",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18889"
"name" : "1025618", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025618" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709112",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709112"
"name" : "44633", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44633" "name": "44888",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44888"
"name" : "44681", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44681" "name": "APPLE-SA-2012-02-01-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
"name" : "45162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45162" "name": "45162",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45162"
"name" : "44849", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44849" "name": "1025618",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025618"
"name" : "44888", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44888" "name": "44681",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/44681"
} },
} {
"name": "48091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48091"
},
{
"name": "FEDORA-2011-8352",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html"
},
{
"name": "44633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44633"
},
{
"name": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES"
}
]
}
}

190
2011/1xxx/CVE-2011-1879.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1879", "ID": "CVE-2011-1879",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/css/P8/documents/100144947", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100144947" "lang": "eng",
}, "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\""
{ }
"name" : "MS11-054", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA11-193A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48593", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/48593" ]
}, },
{ "references": {
"name" : "73781", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/73781" "name": "48593",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48593"
"name" : "oval:org.mitre.oval:def:11946", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11946" "name": "MS11-054",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
"name" : "1025761", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025761" "name": "http://support.avaya.com/css/P8/documents/100144947",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100144947"
"name" : "45186", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45186" "name": "TA11-193A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
} },
} {
"name": "45186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45186"
},
{
"name": "oval:org.mitre.oval:def:11946",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11946"
},
{
"name": "1025761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025761"
},
{
"name": "73781",
"refsource": "OSVDB",
"url": "http://osvdb.org/73781"
}
]
}
}

170
2011/5xxx/CVE-2011-5008.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5008", "ID": "CVE-2011-5008",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2011/Nov/178" "lang": "eng",
}, "value": "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow."
{ }
"name" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/codesys_1-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "77386", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/77386" ]
}, },
{ "references": {
"name" : "47018", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47018" "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf",
}, "refsource": "MISC",
{ "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
"name" : "codesys-gatewayservice-bo(71531)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531" "name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
} "refsource": "BUGTRAQ",
] "url": "http://seclists.org/bugtraq/2011/Nov/178"
} },
} {
"name": "47018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47018"
},
{
"name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77386",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77386"
},
{
"name": "codesys-gatewayservice-bo(71531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
}
]
}
}

160
2014/3xxx/CVE-2014-3432.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2014-3432", "ID": "CVE-2014-3432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field."
{ }
"name" : "68160", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/68160" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030472", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030472" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59538", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/59538" ]
}, },
{ "references": {
"name" : "59561", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59561" "name": "68160",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/68160"
} },
} {
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00"
},
{
"name": "59561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59561"
},
{
"name": "59538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59538"
},
{
"name": "1030472",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030472"
}
]
}
}

150
2014/3xxx/CVE-2014-3630.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3630", "ID": "CVE-2014-3630",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf" "lang": "eng",
}, "value": "XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data."
{ }
"name" : "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ", ]
"refsource" : "CONFIRM", },
"url" : "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ", "description": [
"refsource" : "CONFIRM", {
"url" : "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity", ]
"refsource" : "CONFIRM", }
"url" : "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf",
"refsource": "MISC",
"url": "https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf"
},
{
"name": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ"
},
{
"name": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ"
},
{
"name": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity",
"refsource": "CONFIRM",
"url": "https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity"
}
]
}
}

190
2014/3xxx/CVE-2014-3924.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3924", "ID": "CVE-2014-3924",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.webmin.com/changes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.webmin.com/changes.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows."
{ }
"name" : "http://www.webmin.com/uchanges.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.webmin.com/uchanges.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67647", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67647" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "67649", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/67649" ]
}, },
{ "references": {
"name" : "1030296", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030296" "name": "http://www.webmin.com/changes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.webmin.com/changes.html"
"name" : "1030297", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030297" "name": "58917",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/58917"
"name" : "58917", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58917" "name": "58919",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/58919"
"name" : "58919", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58919" "name": "67649",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/67649"
} },
} {
"name": "http://www.webmin.com/uchanges.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "1030296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030296"
},
{
"name": "1030297",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030297"
},
{
"name": "67647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67647"
}
]
}
}

34
2014/6xxx/CVE-2014-6117.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6117", "ID": "CVE-2014-6117",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/6xxx/CVE-2014-6544.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6544", "ID": "CVE-2014-6544",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289."
{ }
"name" : "70553", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70553" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70553"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6760.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6760", "ID": "CVE-2014-6760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#234721", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/234721" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#234721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/234721"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6862.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6862", "ID": "CVE-2014-6862",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#244137", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/244137" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#244137",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/244137"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6885.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6885", "ID": "CVE-2014-6885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#274409", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/274409" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#274409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/274409"
}
]
}
}

34
2014/7xxx/CVE-2014-7662.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7662", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7662",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

310
2014/7xxx/CVE-2014-7975.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7975", "ID": "CVE-2014-7975",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141008 CVE-2014-7975: 0-day umount denial of service", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/10/08/22" "lang": "eng",
}, "value": "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call."
{ }
"name" : "[stable] 20141008 [PATCH] fs: Add a missing permission check to do_umount", ]
"refsource" : "MLIST", },
"url" : "http://thread.gmane.org/gmane.linux.kernel.stable/109312" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151108", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1151108" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5" ]
}, },
{ "references": {
"name" : "RHSA-2017:1842", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1842" "name": "USN-2418-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2418-1"
"name" : "RHSA-2017:2077", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2077" "name": "61145",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61145"
"name" : "USN-2415-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2415-1" "name": "linux-kernel-cve20147975-dos(96994)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96994"
"name" : "USN-2416-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2416-1" "name": "USN-2416-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2416-1"
"name" : "USN-2419-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2419-1" "name": "USN-2417-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2417-1"
"name" : "USN-2420-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2420-1" "name": "USN-2415-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2415-1"
"name" : "USN-2421-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2421-1" "name": "USN-2419-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2419-1"
"name" : "USN-2417-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2417-1" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5"
"name" : "USN-2418-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2418-1" "name": "1031180",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1031180"
"name" : "70314", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70314" "name": "60174",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60174"
"name" : "1031180", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031180" "name": "USN-2421-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2421-1"
"name" : "61145", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61145" "name": "USN-2420-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2420-1"
"name" : "60174", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60174" "name": "RHSA-2017:2077",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2077"
"name" : "62633", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62633" "name": "RHSA-2017:1842",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1842"
"name" : "62634", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62634" "name": "62633",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62633"
"name" : "linux-kernel-cve20147975-dos(96994)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96994" "name": "[oss-security] 20141008 CVE-2014-7975: 0-day umount denial of service",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2014/10/08/22"
} },
} {
"name": "62634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62634"
},
{
"name": "[stable] 20141008 [PATCH] fs: Add a missing permission check to do_umount",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.linux.kernel.stable/109312"
},
{
"name": "70314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70314"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151108",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151108"
}
]
}
}

290
2014/8xxx/CVE-2014-8106.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-8106", "ID": "CVE-2014-8106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."
{ }
"name" : "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/12/04/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0", ]
"refsource" : "CONFIRM", }
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0" ]
}, },
{ "references": {
"name" : "http://support.citrix.com/article/CTX200892", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX200892" "name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"
"name" : "DSA-3087", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3087" "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a",
}, "refsource": "CONFIRM",
{ "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=bf25983345ca44aec3dd92c57142be45452bd38a"
"name" : "DSA-3088", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3088" "name": "RHSA-2015:0795",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"
"name" : "FEDORA-2015-5482", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html" "name": "RHSA-2015:0624",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
"name" : "RHSA-2015:0643", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0643.html" "name": "FEDORA-2015-5482",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
"name" : "RHSA-2015:0349", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0349.html" "name": "RHSA-2015:0891",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"
"name" : "RHSA-2015:0624", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0624.html" "name": "71477",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/71477"
"name" : "RHSA-2015:0795", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0795.html" "name": "RHSA-2015:0643",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"
"name" : "RHSA-2015:0867", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0867.html" "name": "qemu-cve20148106-sec-bypass(99126)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"
"name" : "RHSA-2015:0868", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0868.html" "name": "60364",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60364"
"name" : "RHSA-2015:0891", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0891.html" "name": "RHSA-2015:0349",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
"name" : "71477", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71477" "name": "RHSA-2015:0868",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"
"name" : "60364", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60364" "name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)",
}, "refsource": "MLIST",
{ "url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"
"name" : "qemu-cve20148106-sec-bypass(99126)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126" "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0",
} "refsource": "CONFIRM",
] "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0"
} },
} {
"name": "DSA-3088",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3088"
},
{
"name": "http://support.citrix.com/article/CTX200892",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "DSA-3087",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3087"
},
{
"name": "RHSA-2015:0867",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"
}
]
}
}

330
2016/2xxx/CVE-2016-2141.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-2141", "ID": "CVE-2016-2141",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://issues.jboss.org/browse/JGRP-2021", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.jboss.org/browse/JGRP-2021" "lang": "eng",
}, "value": "JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors."
{ }
"name" : "RHSA-2016:1328", ]
"refsource" : "REDHAT", },
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1328.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:1329", "description": [
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1329.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2016:1330", ]
"refsource" : "REDHAT", }
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1330.html" ]
}, },
{ "references": {
"name" : "RHSA-2016:1331", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1331.html" "name": "RHSA-2016:1347",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1347"
"name" : "RHSA-2016:1332", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1332.html" "name": "RHSA-2016:2035",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
"name" : "RHSA-2016:1333", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1333.html" "name": "RHSA-2016:1389",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1389"
"name" : "RHSA-2016:1334", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2016-1334.html" "name": "RHSA-2016:1345",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1345"
"name" : "RHSA-2016:1345", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1345" "name": "RHSA-2016:1376",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1376"
"name" : "RHSA-2016:1346", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1346" "name": "RHSA-2016:1330",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2016-1330.html"
"name" : "RHSA-2016:1347", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1347" "name": "RHSA-2016:1439",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1439.html"
"name" : "RHSA-2016:1374", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1374" "name": "RHSA-2016:1331",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2016-1331.html"
"name" : "RHSA-2016:1389", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1389" "name": "91481",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91481"
"name" : "RHSA-2016:1433", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1433" "name": "RHSA-2016:1434",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1434"
"name" : "RHSA-2016:1434", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1434" "name": "RHSA-2016:1328",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2016-1328.html"
"name" : "RHSA-2016:1435", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1435.html" "name": "RHSA-2016:1433",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1433"
"name" : "RHSA-2016:1432", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1432" "name": "https://issues.jboss.org/browse/JGRP-2021",
}, "refsource": "CONFIRM",
{ "url": "https://issues.jboss.org/browse/JGRP-2021"
"name" : "RHSA-2016:1439", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1439.html" "name": "RHSA-2016:1374",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1374"
"name" : "RHSA-2016:1376", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1376" "name": "RHSA-2016:1432",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1432"
"name" : "RHSA-2016:2035", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2035.html" "name": "RHSA-2016:1346",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1346"
"name" : "91481", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91481" "name": "RHSA-2016:1334",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2016-1334.html"
"name" : "1036165", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036165" "name": "RHSA-2016:1333",
} "refsource": "REDHAT",
] "url": "https://rhn.redhat.com/errata/RHSA-2016-1333.html"
} },
} {
"name": "RHSA-2016:1329",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1329.html"
},
{
"name": "RHSA-2016:1332",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1332.html"
},
{
"name": "RHSA-2016:1435",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
},
{
"name": "1036165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036165"
}
]
}
}

120
2016/2xxx/CVE-2016-2431.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2431", "ID": "CVE-2016-2431",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-05-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-05-01.html" "lang": "eng",
} "value": "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2564.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2564", "ID": "CVE-2016-2564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://invisionpower.com/release-notes/419-r37/", "description_data": [
"refsource" : "MISC", {
"url" : "https://invisionpower.com/release-notes/419-r37/" "lang": "eng",
}, "value": "Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation."
{ }
"name" : "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9", ]
"refsource" : "MISC", },
"url" : "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9",
"refsource": "MISC",
"url": "https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9"
},
{
"name": "https://invisionpower.com/release-notes/419-r37/",
"refsource": "MISC",
"url": "https://invisionpower.com/release-notes/419-r37/"
}
]
}
}

130
2016/2xxx/CVE-2016-2930.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2930", "ID": "CVE-2016-2930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BigFix Remote Control", "product_name": "BigFix Remote Control",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.1.3" "version_value": "9.1.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22002331", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22002331" "lang": "eng",
}, "value": "IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512."
{ }
"name" : "98304", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98304" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98304"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002331",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002331"
}
]
}
}

166
2016/2xxx/CVE-2016-2976.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-25T00:00:00", "DATE_PUBLIC": "2017-08-25T00:00:00",
"ID" : "CVE-2016-2976", "ID": "CVE-2016-2976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sametime", "product_name": "Sametime",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.5.2" "version_value": "8.5.2"
}, },
{ {
"version_value" : "8.5.2.1" "version_value": "8.5.2.1"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_value" : "9.0.0.1" "version_value": "9.0.0.1"
}, },
{ {
"version_value" : "9.0.1" "version_value": "9.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936" "lang": "eng",
}, "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100572", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100572" "lang": "eng",
} "value": "Obtain Information"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006441",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006441"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113936"
},
{
"name": "100572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100572"
}
]
}
}

154
2016/6xxx/CVE-2016-6096.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-6096", "ID": "CVE-2016-6096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Key Lifecycle Manager", "product_name": "Key Lifecycle Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.5" "version_value": "2.5"
}, },
{ {
"version_value" : "1.0" "version_value": "1.0"
}, },
{ {
"version_value" : "2.0" "version_value": "2.0"
}, },
{ {
"version_value" : "2.0.1" "version_value": "2.0.1"
}, },
{ {
"version_value" : "2.6" "version_value": "2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997984", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997984" "lang": "eng",
}, "value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
{ }
"name" : "95983", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95983" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95983"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997984",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997984"
}
]
}
}

150
2017/18xxx/CVE-2017-18087.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@atlassian.com", "ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC" : "2018-02-15T00:00:00", "DATE_PUBLIC": "2018-02-15T00:00:00",
"ID" : "CVE-2017-18087", "ID": "CVE-2017-18087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Bitbucket Server", "product_name": "Bitbucket Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "from 5.1.0 prior to 5.1.7" "version_value": "from 5.1.0 prior to 5.1.7"
}, },
{ {
"version_value" : "from 5.2.0 prior to 5.2.5" "version_value": "from 5.2.0 prior to 5.2.5"
}, },
{ {
"version_value" : "from 5.3.0 prior to 5.3.3" "version_value": "from 5.3.0 prior to 5.3.3"
}, },
{ {
"version_value" : "from 5.4.0 prior to 5.4.1" "version_value": "from 5.4.0 prior to 5.4.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Atlassian" "vendor_name": "Atlassian"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Argument Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jira.atlassian.com/browse/BSERV-10593", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jira.atlassian.com/browse/BSERV-10593" "lang": "eng",
}, "value": "The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter."
{ }
"name" : "103038", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103038" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103038"
},
{
"name": "https://jira.atlassian.com/browse/BSERV-10593",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/BSERV-10593"
}
]
}
}

130
2017/18xxx/CVE-2017-18210.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18210", "ID": "CVE-2017-18210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/791", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/791" "lang": "eng",
}, "value": "In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked."
{ }
"name" : "103212", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103212" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/791",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/791"
},
{
"name": "103212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103212"
}
]
}
}

162
2017/1xxx/CVE-2017-1255.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-04-30T00:00:00", "DATE_PUBLIC": "2018-04-30T00:00:00",
"ID" : "CVE-2017-1255", "ID": "CVE-2017-1255",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Guardium", "product_name": "Security Guardium",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.0" "version_value": "10.0"
}, },
{ {
"version_value" : "10.0.1" "version_value": "10.0.1"
}, },
{ {
"version_value" : "10.1" "version_value": "10.1"
}, },
{ {
"version_value" : "10.1.2" "version_value": "10.1.2"
}, },
{ {
"version_value" : "10.1.3" "version_value": "10.1.3"
}, },
{ {
"version_value" : "10.1.4" "version_value": "10.1.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014537", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014537" "lang": "eng",
}, "value": "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675."
{ }
"name" : "ibm-guardium-cve20171255-info-disc(124675)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-guardium-cve20171255-info-disc(124675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014537",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014537"
}
]
}
}

142
2017/1xxx/CVE-2017-1443.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-28T00:00:00", "DATE_PUBLIC": "2017-08-28T00:00:00",
"ID" : "CVE-2017-1443", "ID": "CVE-2017-1443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Emptoris Services Procurement", "product_name": "Emptoris Services Procurement",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.0.0.5" "version_value": "10.0.0.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109" "lang": "eng",
}, "value": "IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99542", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99542" "lang": "eng",
} "value": "Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128109"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"
},
{
"name": "99542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99542"
}
]
}
}

34
2017/1xxx/CVE-2017-1643.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1643", "ID": "CVE-2017-1643",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/5xxx/CVE-2017-5261.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5261", "ID": "CVE-2017-5261",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "cnPilot", "product_name": "cnPilot",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.3.2-R4 and prior" "version_value": "4.3.2-R4 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cambium Networks" "vendor_name": "Cambium Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-472 (External Control of Assumed-Immutable Web Parameter)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" "lang": "eng",
} "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-472 (External Control of Assumed-Immutable Web Parameter)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
}

34
2017/5xxx/CVE-2017-5278.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5278", "ID": "CVE-2017-5278",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

172
2017/5xxx/CVE-2017-5641.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-03-27T00:00:00", "DATE_PUBLIC": "2017-03-27T00:00:00",
"ID" : "CVE-2017-5641", "ID": "CVE-2017-5641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Flex Blaze DS", "product_name": "Apache Flex Blaze DS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 4.7.3" "version_value": "before 4.7.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[flex-dev] 20170327 [VOTE] Release Apache Flex BlazeDS 4.7.3", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail-archives.apache.org/mod_mbox/flex-dev/201703.mbox/%3C6B86C8D0-6E36-48F5-AC81-4AB3978F6746@c-ware.de%3E" "lang": "eng",
}, "value": "Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution."
{ }
"name" : "https://issues.apache.org/jira/browse/FLEX-35290", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/FLEX-35290" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "VU#307983", ]
"refsource" : "CERT-VN", }
"url" : "https://www.kb.cert.org/vuls/id/307983" ]
}, },
{ "references": {
"name" : "97383", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97383" "name": "VU#307983",
}, "refsource": "CERT-VN",
{ "url": "https://www.kb.cert.org/vuls/id/307983"
"name" : "1038273", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038273" "name": "97383",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/97383"
} },
} {
"name": "1038273",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038273"
},
{
"name": "[flex-dev] 20170327 [VOTE] Release Apache Flex BlazeDS 4.7.3",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/flex-dev/201703.mbox/%3C6B86C8D0-6E36-48F5-AC81-4AB3978F6746@c-ware.de%3E"
},
{
"name": "https://issues.apache.org/jira/browse/FLEX-35290",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/FLEX-35290"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03823en_us"
}
]
}
}