admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:28:43 +00:00
parent 2a11f957f7
commit dd7e6af715
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4589 additions and 4589 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/3xxx/CVE-2006-3161.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060619 SaphpLesson<<--1.1 \"misc.php\" SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437659/100/0/threaded"
},
{
"name" : "18501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18501"
},
{
"name" : "1016342",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016342"
},
{
"name" : "1123",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1123"
},
{
"name" : "saphplesson-misc-sql-injection(27304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016342",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016342"
},
{
"name": "1123",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1123"
},
{
"name": "20060619 SaphpLesson<<--1.1 \"misc.php\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437659/100/0/threaded"
},
{
"name": "18501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18501"
},
{
"name": "saphplesson-misc-sql-injection(27304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27304"
}
]
}
}

130
2006/3xxx/CVE-2006-3207.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using \"[NR]\" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
},
{
"name" : "1138",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using \"[NR]\" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1138",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1138"
},
{
"name": "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
}
]
}
}

690
2006/3xxx/CVE-2006-3802.json
View File

@ -1,347 +1,347 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060727 rPSA-2006-0137-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-47.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-47.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-536",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-536"
},
{
"name" : "https://issues.rpath.com/browse/RPL-537",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-537"
},
{
"name" : "GLSA-200608-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name" : "GLSA-200608-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name" : "GLSA-200608-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "MDKSA-2006:143",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name" : "MDKSA-2006:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name" : "MDKSA-2006:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name" : "RHSA-2006:0608",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name" : "RHSA-2006:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name" : "RHSA-2006:0611",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name" : "RHSA-2006:0609",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name" : "RHSA-2006:0594",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name" : "20060703-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name" : "SUSE-SA:2006:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name" : "USN-327-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/327-1/"
},
{
"name" : "USN-329-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/329-1/"
},
{
"name" : "USN-350-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name" : "USN-354-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name" : "19181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19181"
},
{
"name" : "oval:org.mitre.oval:def:9611",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9611"
},
{
"name" : "ADV-2006-2998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "1016586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016586"
},
{
"name" : "1016587",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016587"
},
{
"name" : "1016588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016588"
},
{
"name" : "19873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19873"
},
{
"name" : "21216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21216"
},
{
"name" : "21228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21228"
},
{
"name" : "21229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21229"
},
{
"name" : "21246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21246"
},
{
"name" : "21243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21243"
},
{
"name" : "21269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21269"
},
{
"name" : "21270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21270"
},
{
"name" : "21275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21275"
},
{
"name" : "21336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21336"
},
{
"name" : "21358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21358"
},
{
"name" : "21361",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21361"
},
{
"name" : "21250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21250"
},
{
"name" : "21262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21262"
},
{
"name" : "21343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21343"
},
{
"name" : "21529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21529"
},
{
"name" : "21532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21532"
},
{
"name" : "21607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21607"
},
{
"name" : "21631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21631"
},
{
"name" : "22055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22055"
},
{
"name" : "22210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22210"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-dom-method-xss(27983)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21243"
},
{
"name": "RHSA-2006:0608",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name": "GLSA-200608-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "19181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19181"
},
{
"name": "22055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22055"
},
{
"name": "ADV-2006-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name": "20060727 rPSA-2006-0137-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name": "21529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21529"
},
{
"name": "21216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21216"
},
{
"name": "GLSA-200608-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name": "21336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21336"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name": "1016588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016588"
},
{
"name": "USN-329-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/329-1/"
},
{
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name": "22210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22210"
},
{
"name": "21607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21607"
},
{
"name": "1016586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016586"
},
{
"name": "19873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19873"
},
{
"name": "21262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21532"
},
{
"name": "21270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21270"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "USN-327-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/327-1/"
},
{
"name": "oval:org.mitre.oval:def:9611",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9611"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-47.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-47.html"
},
{
"name": "21361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21361"
},
{
"name": "21631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21631"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21275"
},
{
"name": "21246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21246"
},
{
"name": "SUSE-SA:2006:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name": "mozilla-dom-method-xss(27983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27983"
},
{
"name": "21229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21229"
},
{
"name": "1016587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016587"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name": "21228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21228"
},
{
"name": "21250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21250"
},
{
"name": "USN-350-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21358"
},
{
"name": "https://issues.rpath.com/browse/RPL-536",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-536"
},
{
"name": "https://issues.rpath.com/browse/RPL-537",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-537"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21269"
},
{
"name": "GLSA-200608-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name": "21343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21343"
},
{
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "USN-354-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
}
]
}
}

180
2006/4xxx/CVE-2006-4016.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060803 [MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442100"
},
{
"name" : "http://www.majorsecurity.de/index_en2.php?major_rls=major_rls27",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/index_en2.php?major_rls=major_rls27"
},
{
"name" : "19329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19329"
},
{
"name" : "ADV-2006-3151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3151"
},
{
"name" : "1016636",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016636"
},
{
"name" : "21344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21344"
},
{
"name" : "1337",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1337"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.majorsecurity.de/index_en2.php?major_rls=major_rls27",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_en2.php?major_rls=major_rls27"
},
{
"name": "20060803 [MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442100"
},
{
"name": "1016636",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016636"
},
{
"name": "21344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21344"
},
{
"name": "1337",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1337"
},
{
"name": "19329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19329"
},
{
"name": "ADV-2006-3151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3151"
}
]
}
}

180
2006/4xxx/CVE-2006-4099.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf",
"refsource" : "MISC",
"url" : "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
},
{
"name" : "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf",
"refsource" : "MISC",
"url" : "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name" : "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name" : "21350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21350"
},
{
"name" : "ADV-2006-4748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4748"
},
{
"name" : "23137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23137"
},
{
"name" : "crystalreports-wcsid-session-hijacking(30568)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"name": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23137"
},
{
"name": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"name": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
]
}
}

170
2006/4xxx/CVE-2006-4321.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2196",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2196"
},
{
"name" : "19589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19589"
},
{
"name" : "ADV-2006-3310",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3310"
},
{
"name" : "27970",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27970"
},
{
"name" : "21539",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21539"
},
{
"name" : "coppermine-cpg-file-include(28413)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3310"
},
{
"name": "2196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2196"
},
{
"name": "27970",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27970"
},
{
"name": "19589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19589"
},
{
"name": "coppermine-cpg-file-include(28413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28413"
},
{
"name": "21539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21539"
}
]
}
}

170
2006/4xxx/CVE-2006-4445.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060825 CuteNews 1.3.* Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444385/100/0/threaded"
},
{
"name" : "20060829 Re: CuteNews 1.3.* Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444733/100/0/threaded"
},
{
"name" : "20060902 Re: CuteNews 1.3.* Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-09/0040.html"
},
{
"name" : "20060829 CuteNews 1.3.* Remote File Include Vulnerability",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-August/001000.html"
},
{
"name" : "29842",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29842"
},
{
"name" : "cutenews-search-file-include(28582)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060829 Re: CuteNews 1.3.* Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444733/100/0/threaded"
},
{
"name": "29842",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29842"
},
{
"name": "cutenews-search-file-include(28582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28582"
},
{
"name": "20060902 Re: CuteNews 1.3.* Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0040.html"
},
{
"name": "20060825 CuteNews 1.3.* Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444385/100/0/threaded"
},
{
"name": "20060829 CuteNews 1.3.* Remote File Include Vulnerability",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-August/001000.html"
}
]
}
}

150
2006/4xxx/CVE-2006-4494.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060817 [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
},
{
"name" : "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15",
"refsource" : "MISC",
"url" : "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15"
},
{
"name" : "19572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19572"
},
{
"name" : "1473",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060817 [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
},
{
"name": "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15",
"refsource": "MISC",
"url": "http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15"
},
{
"name": "19572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19572"
},
{
"name": "1473",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1473"
}
]
}
}

250
2006/4xxx/CVE-2006-4925.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name" : "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=148228",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h"
},
{
"name" : "https://issues.rpath.com/browse/RPL-681",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-681"
},
{
"name" : "https://issues.rpath.com/browse/RPL-661",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-661"
},
{
"name" : "MDKSA-2006:179",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
},
{
"name" : "OpenPKG-SA-2006.022",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name" : "SUSE-SR:2006:024",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name" : "SUSE-SA:2006:062",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name" : "22245",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22245"
},
{
"name" : "22495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22495"
},
{
"name" : "23038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23038"
},
{
"name" : "22298",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23038"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name": "SUSE-SR:2006:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
},
{
"name": "SUSE-SA:2006:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-681",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "22298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22298"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h"
},
{
"name": "22495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22495"
},
{
"name": "20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447153/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.022",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
},
{
"name": "22245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22245"
},
{
"name": "https://issues.rpath.com/browse/RPL-661",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-661"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=148228",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=148228"
},
{
"name": "MDKSA-2006:179",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
}
]
}
}

170
2006/6xxx/CVE-2006-6042.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070607 phpWebThings ==>1.5.2 RFI",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470794/100/0/threaded"
},
{
"name" : "2811",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2811"
},
{
"name" : "21178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21178"
},
{
"name" : "ADV-2006-4596",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4596"
},
{
"name" : "23001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23001"
},
{
"name" : "phpwebthings-editor-file-include(30401)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2811",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2811"
},
{
"name": "20070607 phpWebThings ==>1.5.2 RFI",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470794/100/0/threaded"
},
{
"name": "phpwebthings-editor-file-include(30401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30401"
},
{
"name": "21178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21178"
},
{
"name": "23001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23001"
},
{
"name": "ADV-2006-4596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4596"
}
]
}
}

150
2006/6xxx/CVE-2006-6397.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061122 *BSD banner INT overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452322/100/200/threaded"
},
{
"name" : "20061122 Re: *BSD banner INT overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452330/100/200/threaded"
},
{
"name" : "20061122 Re: Re: *BSD banner INT overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452374/100/200/threaded"
},
{
"name" : "20061123 Re: *BSD banner INT overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452470/100/200/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061122 Re: Re: *BSD banner INT overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452374/100/200/threaded"
},
{
"name": "20061122 *BSD banner INT overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452322/100/200/threaded"
},
{
"name": "20061122 Re: *BSD banner INT overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452330/100/200/threaded"
},
{
"name": "20061123 Re: *BSD banner INT overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452470/100/200/threaded"
}
]
}
}

130
2006/6xxx/CVE-2006-6766.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-5117",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5117"
},
{
"name" : "cwmexplorer-unspecified-sql-injection(31148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cwmexplorer-unspecified-sql-injection(31148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31148"
},
{
"name": "ADV-2006-5117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5117"
}
]
}
}

150
2006/7xxx/CVE-2006-7064.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060609 Invision Power Board XSS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html"
},
{
"name" : "18450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18450"
},
{
"name" : "2307",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2307"
},
{
"name" : "ipb-admin-phpinfo-xss(27069)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060609 Invision Power Board XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html"
},
{
"name": "18450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18450"
},
{
"name": "2307",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2307"
},
{
"name": "ipb-admin-phpinfo-xss(27069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069"
}
]
}
}

130
2006/7xxx/CVE-2006-7200.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cr-labs.com/publications/SiteKey-20060718.pdf",
"refsource" : "MISC",
"url" : "http://www.cr-labs.com/publications/SiteKey-20060718.pdf"
},
{
"name" : "http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf",
"refsource" : "MISC",
"url" : "http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf",
"refsource": "MISC",
"url": "http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf"
},
{
"name": "http://www.cr-labs.com/publications/SiteKey-20060718.pdf",
"refsource": "MISC",
"url": "http://www.cr-labs.com/publications/SiteKey-20060718.pdf"
}
]
}
}

130
2010/2xxx/CVE-2010-2414.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

150
2010/2xxx/CVE-2010-2570.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka \"Heap Overrun in pubconv.dll Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-103",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:12187",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12187"
},
{
"name" : "1024885",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka \"Heap Overrun in pubconv.dll Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-103",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103"
},
{
"name": "1024885",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024885"
},
{
"name": "oval:org.mitre.oval:def:12187",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12187"
}
]
}
}

190
2011/0xxx/CVE-2011-0035.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-2556 and CVE-2011-0036."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100127294",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100127294"
},
{
"name" : "MS11-003",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
},
{
"name" : "46157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46157"
},
{
"name" : "70831",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70831"
},
{
"name" : "oval:org.mitre.oval:def:12371",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12371"
},
{
"name" : "1025038",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025038"
},
{
"name" : "ADV-2011-0318",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0318"
},
{
"name" : "ms-explorer-code-execution(64911)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-2556 and CVE-2011-0036."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12371",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12371"
},
{
"name": "ms-explorer-code-execution(64911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64911"
},
{
"name": "http://support.avaya.com/css/P8/documents/100127294",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100127294"
},
{
"name": "ADV-2011-0318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0318"
},
{
"name": "46157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46157"
},
{
"name": "MS11-003",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-003"
},
{
"name": "1025038",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025038"
},
{
"name": "70831",
"refsource": "OSVDB",
"url": "http://osvdb.org/70831"
}
]
}
}

190
2011/0xxx/CVE-2011-0483.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=68181",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=68181"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource" : "CONFIRM",
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name" : "45788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45788"
},
{
"name" : "70466",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70466"
},
{
"name" : "oval:org.mitre.oval:def:14706",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14706"
},
{
"name" : "42951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42951"
},
{
"name" : "chrome-type-cast-dos(64674)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64674"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70466",
"refsource": "OSVDB",
"url": "http://osvdb.org/70466"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "45788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45788"
},
{
"name": "chrome-type-cast-dos(64674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64674"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name": "oval:org.mitre.oval:def:14706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14706"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=68181",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=68181"
},
{
"name": "42951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42951"
}
]
}
}

120
2011/0xxx/CVE-2011-0843.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity via unknown vectors related to Globalization - Automotive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

160
2011/0xxx/CVE-2011-0966.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17304",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17304"
},
{
"name" : "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
},
{
"name" : "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
"refsource" : "MISC",
"url" : "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
},
{
"name" : "cisco-uom-auditlog-directory-traversal(67525)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
"refsource": "MISC",
"url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
},
{
"name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
},
{
"name": "17304",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17304"
},
{
"name": "cisco-uom-auditlog-directory-traversal(67525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
}
]
}
}

34
2011/1xxx/CVE-2011-1410.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1410",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1410",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2011/1xxx/CVE-2011-1411.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an \"XML Signature wrapping attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://shibboleth.internet2.edu/secadv/secadv_20110725.txt",
"refsource" : "CONFIRM",
"url" : "http://shibboleth.internet2.edu/secadv/secadv_20110725.txt"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "DSA-2284",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2284"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "50994",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50994"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an \"XML Signature wrapping attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shibboleth.internet2.edu/secadv/secadv_20110725.txt",
"refsource": "CONFIRM",
"url": "http://shibboleth.internet2.edu/secadv/secadv_20110725.txt"
},
{
"name": "DSA-2284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2284"
},
{
"name": "50994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50994"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2011/1xxx/CVE-2011-1433.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.otrs.org/show_bug.cgi?id=6878",
"refsource" : "CONFIRM",
"url" : "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource" : "CONFIRM",
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
},
{
"name" : "otrs-agentinterface-info-disc(66196)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=6878",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=6878"
},
{
"name": "otrs-agentinterface-info-disc(66196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66196"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

190
2011/1xxx/CVE-2011-1569.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing \".\", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110320 Douran Portal File Download/Source Code Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517085/100/0/threaded"
},
{
"name" : "17011",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17011"
},
{
"name" : "http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/",
"refsource" : "MISC",
"url" : "http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/"
},
{
"name" : "46927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46927"
},
{
"name" : "71250",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71250"
},
{
"name" : "43792",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43792"
},
{
"name" : "8180",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8180"
},
{
"name" : "douranportal-download-file-download(66177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing \".\", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46927"
},
{
"name": "17011",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17011"
},
{
"name": "20110320 Douran Portal File Download/Source Code Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517085/100/0/threaded"
},
{
"name": "8180",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8180"
},
{
"name": "http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/",
"refsource": "MISC",
"url": "http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/"
},
{
"name": "71250",
"refsource": "OSVDB",
"url": "http://osvdb.org/71250"
},
{
"name": "43792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43792"
},
{
"name": "douranportal-download-file-download(66177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66177"
}
]
}
}

200
2011/1xxx/CVE-2011-1746.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20110414 [PATCH] char: agp: fix OOM and buffer overflow",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2011/4/14/294"
},
{
"name" : "[linux-kernel] 20110419 Re: [PATCH] char: agp: fix OOM and buffer overflow",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2011/4/19/400"
},
{
"name" : "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/21/4"
},
{
"name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/22/7"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698998",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698998"
},
{
"name" : "RHSA-2011:0927",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"name" : "47535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b522f02184b413955f3bc952e3776ce41edc6355"
},
{
"name": "RHSA-2011:0927",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"name": "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/21/4"
},
{
"name": "47535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47535"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=698998",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=698998"
},
{
"name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/22/7"
},
{
"name": "[linux-kernel] 20110419 Re: [PATCH] char: agp: fix OOM and buffer overflow",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2011/4/19/400"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5"
},
{
"name": "[linux-kernel] 20110414 [PATCH] char: agp: fix OOM and buffer overflow",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2011/4/14/294"
}
]
}
}

170
2011/1xxx/CVE-2011-1788.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0008.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"
},
{
"name" : "47742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47742"
},
{
"name" : "72179",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72179"
},
{
"name" : "1025502",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025502"
},
{
"name" : "vcenter-soapid-info-disclosure(67304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47742"
},
{
"name": "[security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000137.html"
},
{
"name": "vcenter-soapid-info-disclosure(67304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67304"
},
{
"name": "72179",
"refsource": "OSVDB",
"url": "http://osvdb.org/72179"
},
{
"name": "1025502",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025502"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"
}
]
}
}

130
2011/4xxx/CVE-2011-4056.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf"
},
{
"name" : "http://www.usdata.com/sea/factorylink/en/p_nav5.asp",
"refsource" : "CONFIRM",
"url" : "http://www.usdata.com/sea/factorylink/en/p_nav5.asp"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf"
},
{
"name": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp",
"refsource": "CONFIRM",
"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp"
}
]
}
}

200
2011/4xxx/CVE-2011-4340.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111101 XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2011/Nov/8"
},
{
"name" : "[oss-security] 20111122 Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/11/22/9"
},
{
"name" : "http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txt"
},
{
"name" : "http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/",
"refsource" : "MISC",
"url" : "http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/"
},
{
"name" : "http://symphony-cms.com/download/releases/version/2.2.4/",
"refsource" : "CONFIRM",
"url" : "http://symphony-cms.com/download/releases/version/2.2.4/"
},
{
"name" : "76882",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/76882"
},
{
"name" : "76883",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/76883"
},
{
"name" : "46663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46663"
},
{
"name" : "symphony-multiple-xss(71106)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/"
},
{
"name": "20111101 XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2011/Nov/8"
},
{
"name": "symphony-multiple-xss(71106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71106"
},
{
"name": "76883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/76883"
},
{
"name": "46663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46663"
},
{
"name": "76882",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/76882"
},
{
"name": "[oss-security] 20111122 Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/11/22/9"
},
{
"name": "http://symphony-cms.com/download/releases/version/2.2.4/",
"refsource": "CONFIRM",
"url": "http://symphony-cms.com/download/releases/version/2.2.4/"
},
{
"name": "http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txt"
}
]
}
}

34
2011/4xxx/CVE-2011-4380.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4380",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4380",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

160
2011/4xxx/CVE-2011-4818.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2011-4818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666"
},
{
"name" : "IV09200",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
},
{
"name" : "52333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52333"
},
{
"name" : "48299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48299"
},
{
"name" : "maximo-uisessionid-open-redirect(72006)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "maximo-uisessionid-open-redirect(72006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
},
{
"name": "48299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48299"
},
{
"name": "IV09200",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
},
{
"name": "52333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52333"
}
]
}
}

180
2011/4xxx/CVE-2011-4942.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110318 CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/18/8"
},
{
"name" : "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/23/5"
},
{
"name" : "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/23/13"
},
{
"name" : "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting",
"refsource" : "MISC",
"url" : "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting"
},
{
"name" : "http://www.geeklog.net/article.php/geeklog-1.7.1sr1",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name" : "70245",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70245"
},
{
"name" : "42775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70245"
},
{
"name": "[oss-security] 20110318 CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/8"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/13"
},
{
"name": "42775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42775"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/5"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting"
}
]
}
}

34
2011/5xxx/CVE-2011-5015.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5015",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5015",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2011/5xxx/CVE-2011-5244.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/04/21"
},
{
"name" : "http://git.gnome.org/browse/evince/commit/?id=439c5070022e",
"refsource" : "MISC",
"url" : "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
},
{
"name" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010",
"refsource" : "MISC",
"url" : "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=643882",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
},
{
"name" : "GLSA-201701-57",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-57"
},
{
"name" : "evince-token-code-exec(80271)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=643882",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
},
{
"name": "evince-token-code-exec(80271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
},
{
"name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
},
{
"name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010",
"refsource": "MISC",
"url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
},
{
"name": "GLSA-201701-57",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-57"
},
{
"name": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e",
"refsource": "MISC",
"url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
}
]
}
}

130
2014/2xxx/CVE-2014-2186.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140429 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186"
},
{
"name" : "1030173",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140429 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186"
},
{
"name": "1030173",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030173"
}
]
}
}

220
2014/2xxx/CVE-2014-2285.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws",
"refsource" : "MLIST",
"url" : "http://comments.gmane.org/gmane.comp.security.oss.general/12284"
},
{
"name" : "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html",
"refsource" : "MISC",
"url" : "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"
},
{
"name" : "http://sourceforge.net/p/net-snmp/patches/1275/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/net-snmp/patches/1275/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072044",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072778",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "GLSA-201409-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"name" : "RHSA-2014:0322",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name" : "openSUSE-SU-2014:0398",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"
},
{
"name" : "openSUSE-SU-2014:0399",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"
},
{
"name" : "59974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"
},
{
"name": "openSUSE-SU-2014:0398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"
},
{
"name": "openSUSE-SU-2014:0399",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"
},
{
"name": "RHSA-2014:0322",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"
},
{
"name": "59974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59974"
},
{
"name": "GLSA-201409-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"
},
{
"name": "http://sourceforge.net/p/net-snmp/patches/1275/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/patches/1275/"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html",
"refsource": "MISC",
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"
},
{
"name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws",
"refsource": "MLIST",
"url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"
}
]
}
}

180
2014/2xxx/CVE-2014-2484.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "SUSE-SU-2014:1072",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
},
{
"name" : "1030578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030578"
},
{
"name" : "60425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "1030578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030578"
},
{
"name": "SUSE-SU-2014:1072",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "60425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60425"
}
]
}
}

130
2014/2xxx/CVE-2014-2648.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-2648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU03127",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866"
},
{
"name" : "SSRT101727",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101727",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866"
},
{
"name": "HPSBMU03127",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866"
}
]
}
}

140
2014/2xxx/CVE-2014-2772.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2776."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-035",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name" : "67857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67857"
},
{
"name" : "1030370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2776."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name": "67857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67857"
}
]
}
}

120
2014/3xxx/CVE-2014-3043.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004811"
}
]
}
}

160
2014/3xxx/CVE-2014-3131.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/300"
},
{
"name" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007",
"refsource" : "MISC",
"url" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "https://service.sap.com/sap/support/notes/1917381",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1917381"
},
{
"name" : "67103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.sap.com/sap/support/notes/1917381",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1917381"
},
{
"name": "20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/300"
},
{
"name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007",
"refsource": "MISC",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007"
},
{
"name": "67103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67103"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
}
]
}
}

170
2014/3xxx/CVE-2014-3589.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d",
"refsource" : "CONFIRM",
"url" : "https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d"
},
{
"name" : "https://pypi.python.org/pypi/Pillow/2.3.2",
"refsource" : "CONFIRM",
"url" : "https://pypi.python.org/pypi/Pillow/2.3.2"
},
{
"name" : "https://pypi.python.org/pypi/Pillow/2.5.2",
"refsource" : "CONFIRM",
"url" : "https://pypi.python.org/pypi/Pillow/2.5.2"
},
{
"name" : "DSA-3009",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3009"
},
{
"name" : "openSUSE-SU-2015:0798",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html"
},
{
"name" : "59825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pypi.python.org/pypi/Pillow/2.5.2",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/Pillow/2.5.2"
},
{
"name": "openSUSE-SU-2015:0798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html"
},
{
"name": "https://pypi.python.org/pypi/Pillow/2.3.2",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/Pillow/2.3.2"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d",
"refsource": "CONFIRM",
"url": "https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d"
},
{
"name": "DSA-3009",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3009"
},
{
"name": "59825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59825"
}
]
}
}

34
2014/6xxx/CVE-2014-6367.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6367",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-6367",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

280
2014/6xxx/CVE-2014-6513.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03218",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name" : "SSRT101770",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name" : "SUSE-SU-2014:1422",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html"
},
{
"name" : "SUSE-SU-2014:1526",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"name" : "SUSE-SU-2014:1549",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"name" : "SUSE-SU-2015:0344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"name" : "SUSE-SU-2015:0345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name" : "SUSE-SU-2015:0392",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name" : "USN-2386-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2386-1"
},
{
"name" : "USN-2388-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2388-1"
},
{
"name" : "USN-2388-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2388-2"
},
{
"name" : "70569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70569"
},
{
"name" : "61629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61629"
},
{
"name" : "61609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61609"
},
{
"name": "70569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70569"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"name": "USN-2386-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2386-1"
},
{
"name": "USN-2388-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2388-1"
},
{
"name": "HPSBUX03218",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name": "61629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61629"
},
{
"name": "SUSE-SU-2014:1549",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"name": "USN-2388-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2388-2"
},
{
"name": "SUSE-SU-2014:1422",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html"
},
{
"name": "SUSE-SU-2015:0392",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"name": "SUSE-SU-2014:1526",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"name": "SUSE-SU-2015:0345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "SSRT101770",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "SUSE-SU-2015:0344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6639.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6639",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#417937",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/417937"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#417937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/417937"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6924.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#666801",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/666801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#666801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/666801"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6927.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#279777",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/279777"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#279777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/279777"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7097.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7097",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7097",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7614.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#763601",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/763601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#763601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/763601"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7731.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#899209",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/899209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#899209",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/899209"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/7xxx/CVE-2014-7922.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://isciurus.blogspot.com/2015/01/android-app-with-full-control-over-your.html",
"refsource" : "MISC",
"url" : "http://isciurus.blogspot.com/2015/01/android-app-with-full-control-over-your.html"
},
{
"name" : "https://gist.github.com/isciurus/df4d7edd9c3efb4a0753",
"refsource" : "MISC",
"url" : "https://gist.github.com/isciurus/df4d7edd9c3efb4a0753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/isciurus/df4d7edd9c3efb4a0753",
"refsource": "MISC",
"url": "https://gist.github.com/isciurus/df4d7edd9c3efb4a0753"
},
{
"name": "http://isciurus.blogspot.com/2015/01/android-app-with-full-control-over-your.html",
"refsource": "MISC",
"url": "http://isciurus.blogspot.com/2015/01/android-app-with-full-control-over-your.html"
}
]
}
}

34
2014/7xxx/CVE-2014-7964.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7964",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7964",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2016/2xxx/CVE-2016-2996.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988706",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706"
}
]
}
}

140
2017/0xxx/CVE-2017-0444.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-02-01.html"
},
{
"name" : "96107",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96107"
},
{
"name" : "1037798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "96107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96107"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}

162
2017/0xxx/CVE-2017-0873.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-0873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "8.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-0873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "102126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102126"
}
]
}
}

150
2017/18xxx/CVE-2017-18343.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/barryvdh/laravel-debugbar/issues/850",
"refsource" : "MISC",
"url" : "https://github.com/barryvdh/laravel-debugbar/issues/850"
},
{
"name" : "https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c",
"refsource" : "MISC",
"url" : "https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c"
},
{
"name" : "https://github.com/symfony/symfony/issues/27987",
"refsource" : "MISC",
"url" : "https://github.com/symfony/symfony/issues/27987"
},
{
"name" : "https://github.com/symfony/symfony/pull/23684",
"refsource" : "MISC",
"url" : "https://github.com/symfony/symfony/pull/23684"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/symfony/symfony/pull/23684",
"refsource": "MISC",
"url": "https://github.com/symfony/symfony/pull/23684"
},
{
"name": "https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c",
"refsource": "MISC",
"url": "https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c"
},
{
"name": "https://github.com/symfony/symfony/issues/27987",
"refsource": "MISC",
"url": "https://github.com/symfony/symfony/issues/27987"
},
{
"name": "https://github.com/barryvdh/laravel-debugbar/issues/850",
"refsource": "MISC",
"url": "https://github.com/barryvdh/laravel-debugbar/issues/850"
}
]
}
}

154
2017/1xxx/CVE-2017-1290.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00",
"ID" : "CVE-2017-1290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenPages GRC Platform",
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-10-27T00:00:00",
"ID": "CVE-2017-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenPages GRC Platform",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125151",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125151"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22009770",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22009770"
},
{
"name" : "101684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101684"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22009770",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22009770"
},
{
"name": "101684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101684"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125151",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125151"
}
]
}
}

34
2017/1xxx/CVE-2017-1630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5265.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5265",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5265",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5285.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5285",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5285",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2017/5xxx/CVE-2017-5391.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "51"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Special \"about:\" pages used by web content, such as RSS feeds, can load privileged \"about:\" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Content about: pages can load privileged about: pages"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "51"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309310",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309310"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name" : "95763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95763"
},
{
"name" : "1037693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Special \"about:\" pages used by web content, such as RSS feeds, can load privileged \"about:\" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Content about: pages can load privileged about: pages"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309310",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309310"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "95763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95763"
}
]
}
}

184
2017/5xxx/CVE-2017-5413.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Segmentation fault during bidirectional operations"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1337504",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1337504"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name" : "96692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96692"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Segmentation fault during bidirectional operations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1337504",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1337504"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name": "96692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96692"
}
]
}
}