admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:38:35 +00:00
parent 6f013e9c47
commit e040d51aa1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3355 additions and 3355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

218
2006/0xxx/CVE-2006-0403.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0403",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the \"monthly\" parameter, but this is incorrect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060122 [eVuln] e-moBLOG SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422938/100/0/threaded"
},
{
"name" : "20060125 The parameter in e-moBLOG is \"monthy\" [sic]",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-January/000511.html"
},
{
"name" : "http://evuln.com/vulns/43/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/43/summary.html"
},
{
"name" : "16344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16344"
},
{
"name" : "ADV-2006-0296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0296"
},
{
"name" : "22700",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22700"
},
{
"name" : "22701",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22701"
},
{
"name" : "1015524",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015524"
},
{
"name" : "18567",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18567"
},
{
"name" : "370",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/370"
},
{
"name" : "emoblog-index-sql-injection(24245)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24245"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the \"monthly\" parameter, but this is incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16344"
},
{
"name": "22701",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22701"
},
{
"name": "http://evuln.com/vulns/43/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/43/summary.html"
},
{
"name": "22700",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22700"
},
{
"name": "emoblog-index-sql-injection(24245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24245"
},
{
"name": "370",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/370"
},
{
"name": "1015524",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015524"
},
{
"name": "20060125 The parameter in e-moBLOG is \"monthy\" [sic]",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-January/000511.html"
},
{
"name": "18567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18567"
},
{
"name": "ADV-2006-0296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0296"
},
{
"name": "20060122 [eVuln] e-moBLOG SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422938/100/0/threaded"
}
]
}
}

158
2006/3xxx/CVE-2006-3307.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zoidtechnologies.com/projects/bbsengine/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://www.zoidtechnologies.com/projects/bbsengine/ChangeLog"
},
{
"name" : "18627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18627"
},
{
"name" : "ADV-2006-2503",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2503"
},
{
"name" : "20760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20760"
},
{
"name" : "projecteros-aolbonics-sql-injection(27408)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27408"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20760"
},
{
"name": "projecteros-aolbonics-sql-injection(27408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27408"
},
{
"name": "ADV-2006-2503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2503"
},
{
"name": "http://www.zoidtechnologies.com/projects/bbsengine/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.zoidtechnologies.com/projects/bbsengine/ChangeLog"
},
{
"name": "18627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18627"
}
]
}
}

168
2006/3xxx/CVE-2006-3509.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-09-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html"
},
{
"name" : "VU#563492",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/563492"
},
{
"name" : "20144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20144"
},
{
"name" : "ADV-2006-3737",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3737"
},
{
"name" : "1016903",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016903"
},
{
"name" : "22068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22068"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22068"
},
{
"name": "ADV-2006-3737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3737"
},
{
"name": "APPLE-SA-2006-09-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html"
},
{
"name": "VU#563492",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/563492"
},
{
"name": "1016903",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016903"
},
{
"name": "20144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20144"
}
]
}
}

208
2006/4xxx/CVE-2006-4586.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060903 Tr Forum V2.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445079/100/0/threaded"
},
{
"name" : "http://acid-root.new.fr/poc/10060903.txt",
"refsource" : "MISC",
"url" : "http://acid-root.new.fr/poc/10060903.txt"
},
{
"name" : "2297",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2297"
},
{
"name" : "19834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19834"
},
{
"name" : "ADV-2006-3452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3452"
},
{
"name" : "28542",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28542"
},
{
"name" : "1016788",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016788"
},
{
"name" : "21754",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21754"
},
{
"name" : "1508",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1508"
},
{
"name" : "tr-forum-membres-security-bypass(28756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28756"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28542",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28542"
},
{
"name": "1508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1508"
},
{
"name": "20060903 Tr Forum V2.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445079/100/0/threaded"
},
{
"name": "tr-forum-membres-security-bypass(28756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28756"
},
{
"name": "ADV-2006-3452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3452"
},
{
"name": "21754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21754"
},
{
"name": "19834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19834"
},
{
"name": "2297",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2297"
},
{
"name": "http://acid-root.new.fr/poc/10060903.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/poc/10060903.txt"
},
{
"name": "1016788",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016788"
}
]
}
}

268
2006/4xxx/CVE-2006-4807.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz",
"refsource" : "MISC",
"url" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name" : "GLSA-200612-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name" : "MDKSA-2006:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name" : "MDKSA-2007:156",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name" : "SUSE-SR:2006:026",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name" : "USN-376-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-376-1"
},
{
"name" : "USN-376-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name" : "20903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20903"
},
{
"name" : "ADV-2006-4349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name" : "30102",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30102"
},
{
"name" : "22732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22732"
},
{
"name" : "22744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22744"
},
{
"name" : "22752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22752"
},
{
"name" : "23441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23441"
},
{
"name" : "22932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22932"
},
{
"name" : "imlib2-loadertgac-dos(30066)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30066"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "SUSE-SR:2006:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "30102",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30102"
},
{
"name": "20903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20903"
},
{
"name": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz",
"refsource": "MISC",
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "USN-376-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "GLSA-200612-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "imlib2-loadertgac-dos(30066)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30066"
},
{
"name": "23441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-376-1"
}
]
}
}

118
2006/4xxx/CVE-2006-4936.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Release_notes#Moodle_1.6.2"
}
]
}
}

128
2006/6xxx/CVE-2006-6069.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061120 mAlbum v0.3 Multiple vulnerabilitizzz",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452169/100/0/threaded"
},
{
"name" : "malbum-index-path-disclosure(30430)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30430"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061120 mAlbum v0.3 Multiple vulnerabilitizzz",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452169/100/0/threaded"
},
{
"name": "malbum-index-path-disclosure(30430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30430"
}
]
}
}

198
2006/6xxx/CVE-2006-6425.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061223 ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455200/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html"
},
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html"
},
{
"name" : "VU#258753",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/258753"
},
{
"name" : "21723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21723"
},
{
"name" : "ADV-2006-5134",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5134"
},
{
"name" : "1017437",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017437"
},
{
"name" : "23437",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23437"
},
{
"name" : "2080",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2080"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061223 ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455200/100/0/threaded"
},
{
"name": "21723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21723"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html"
},
{
"name": "ADV-2006-5134",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5134"
},
{
"name": "1017437",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017437"
},
{
"name": "VU#258753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/258753"
},
{
"name": "2080",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2080"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-054.html"
},
{
"name": "23437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23437"
}
]
}
}

138
2006/6xxx/CVE-2006-6702.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.atmail.com/view_article.php?num=669",
"refsource" : "MISC",
"url" : "http://kb.atmail.com/view_article.php?num=669"
},
{
"name" : "http://support.atmail.com/changelog.html",
"refsource" : "MISC",
"url" : "http://support.atmail.com/changelog.html"
},
{
"name" : "ADV-2006-5127",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5127"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5127"
},
{
"name": "http://support.atmail.com/changelog.html",
"refsource": "MISC",
"url": "http://support.atmail.com/changelog.html"
},
{
"name": "http://kb.atmail.com/view_article.php?num=669",
"refsource": "MISC",
"url": "http://kb.atmail.com/view_article.php?num=669"
}
]
}
}

218
2006/7xxx/CVE-2006-7225.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a \"malformed POSIX character class\", as demonstrated via an invalid character after a [[ sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-7225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=384761",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=384761"
},
{
"name" : "http://www.pcre.org/changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://www.pcre.org/changelog.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name" : "MDVSA-2008:030",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name" : "RHSA-2007:1059",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name" : "RHSA-2007:1068",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name" : "SUSE-SA:2008:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name" : "26725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26725"
},
{
"name" : "oval:org.mitre.oval:def:10985",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10985"
},
{
"name" : "28041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28041"
},
{
"name" : "28658",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28658"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a \"malformed POSIX character class\", as demonstrated via an invalid character after a [[ sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10985",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10985"
},
{
"name": "26725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26725"
},
{
"name": "MDVSA-2008:030",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030"
},
{
"name": "SUSE-SA:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"
},
{
"name": "28658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28658"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-505.htm"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=384761",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=384761"
},
{
"name": "RHSA-2007:1068",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1068.html"
},
{
"name": "RHSA-2007:1059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1059.html"
},
{
"name": "28041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28041"
},
{
"name": "http://www.pcre.org/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.pcre.org/changelog.txt"
}
]
}
}

168
2010/2xxx/CVE-2010-2080.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://otrs.org/advisory/OSA-2010-02-en/",
"refsource" : "CONFIRM",
"url" : "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-2080",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "43264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43264"
},
{
"name" : "41381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41381"
},
{
"name" : "otrs-unspecified-xss(61868)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security-tracker.debian.org/tracker/CVE-2010-2080",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"
},
{
"name": "41381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41381"
},
{
"name": "http://otrs.org/advisory/OSA-2010-02-en/",
"refsource": "CONFIRM",
"url": "http://otrs.org/advisory/OSA-2010-02-en/"
},
{
"name": "otrs-unspecified-xss(61868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61868"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "43264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43264"
}
]
}
}

148
2010/2xxx/CVE-2010-2113.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/05/uniform-server-565-xsrf.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/05/uniform-server-565-xsrf.html"
},
{
"name" : "64858",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64858"
},
{
"name" : "39913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39913"
},
{
"name" : "uniform-server-unspecified-csrf(58844)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58844"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cross-site-scripting.blogspot.com/2010/05/uniform-server-565-xsrf.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/05/uniform-server-565-xsrf.html"
},
{
"name": "64858",
"refsource": "OSVDB",
"url": "http://osvdb.org/64858"
},
{
"name": "uniform-server-unspecified-csrf(58844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58844"
},
{
"name": "39913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39913"
}
]
}
}

138
2010/2xxx/CVE-2010-2529.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MDVSA-2010:138",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:138"
},
{
"name" : "41911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41911"
},
{
"name" : "ADV-2010-1890",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1890"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:138",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:138"
},
{
"name": "ADV-2010-1890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1890"
},
{
"name": "41911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41911"
}
]
}
}

148
2010/2xxx/CVE-2010-2637.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007069",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007069"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224"
},
{
"name" : "IZ56005",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005"
},
{
"name" : "wmq-net-pass-info-disclosure(63114)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007069",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007069"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224"
},
{
"name": "wmq-net-pass-info-disclosure(63114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63114"
},
{
"name": "IZ56005",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005"
}
]
}
}

358
2010/2xxx/CVE-2010-2808.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128110167119337&w=2"
},
{
"name" : "[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128111955616772&w=2"
},
{
"name" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2",
"refsource" : "CONFIRM",
"url" : "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975"
},
{
"name" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=621907",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=621907"
},
{
"name" : "https://savannah.nongnu.org/bugs/?30658",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/bugs/?30658"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "http://support.apple.com/kb/HT4457",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4457"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "RHSA-2010:0737",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0737.html"
},
{
"name" : "RHSA-2010:0864",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0864.html"
},
{
"name" : "USN-972-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-972-1"
},
{
"name" : "42285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42285"
},
{
"name" : "40816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40816"
},
{
"name" : "40982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40982"
},
{
"name" : "42317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42317"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "ADV-2010-2018",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2018"
},
{
"name" : "ADV-2010-2106",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2106"
},
{
"name" : "ADV-2010-3045",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3045"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975"
},
{
"name": "ADV-2010-3045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3045"
},
{
"name": "https://savannah.nongnu.org/bugs/?30658",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30658"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
},
{
"name": "http://support.apple.com/kb/HT4457",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4457"
},
{
"name": "ADV-2010-2018",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2018"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "RHSA-2010:0737",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0737.html"
},
{
"name": "USN-972-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-972-1"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128111955616772&w=2"
},
{
"name": "42317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42317"
},
{
"name": "40816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40816"
},
{
"name": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2",
"refsource": "CONFIRM",
"url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
},
{
"name": "RHSA-2010:0864",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0864.html"
},
{
"name": "40982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40982"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=621907",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621907"
},
{
"name": "ADV-2010-2106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2106"
},
{
"name": "[oss-security] 20100806 CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128110167119337&w=2"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "42285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42285"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

268
2010/3xxx/CVE-2010-3778.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=411835",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=411835"
},
{
"name" : "DSA-2132",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2132"
},
{
"name" : "FEDORA-2010-18890",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name" : "FEDORA-2010-18920",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name" : "MDVSA-2010:258",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
},
{
"name" : "SUSE-SA:2011:003",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name" : "USN-1019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name" : "USN-1020-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1020-1"
},
{
"name" : "45344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45344"
},
{
"name" : "oval:org.mitre.oval:def:12622",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12622"
},
{
"name" : "1024846",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024846"
},
{
"name" : "1024848",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024848"
},
{
"name" : "42716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42716"
},
{
"name" : "42818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42818"
},
{
"name" : "ADV-2011-0030",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0030"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2011:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-74.html"
},
{
"name": "MDVSA-2010:258",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
},
{
"name": "USN-1019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name": "42818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42818"
},
{
"name": "1024846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024846"
},
{
"name": "oval:org.mitre.oval:def:12622",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12622"
},
{
"name": "45344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45344"
},
{
"name": "DSA-2132",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2132"
},
{
"name": "1024848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024848"
},
{
"name": "FEDORA-2010-18920",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name": "ADV-2011-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0030"
},
{
"name": "FEDORA-2010-18890",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=411835",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=411835"
},
{
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "USN-1020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1020-1"
}
]
}
}

258
2011/0xxx/CVE-2011-0096.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka \"MHTML Mime-Formatted Request Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16071",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16071"
},
{
"name" : "http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html",
"refsource" : "MISC",
"url" : "http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html"
},
{
"name" : "http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/2501696.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/2501696.mspx"
},
{
"name" : "MS11-026",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "VU#326549",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/326549"
},
{
"name" : "46055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46055"
},
{
"name" : "70693",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70693"
},
{
"name" : "oval:org.mitre.oval:def:6956",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956"
},
{
"name" : "1025003",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025003"
},
{
"name" : "43093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43093"
},
{
"name" : "ADV-2011-0242",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0242"
},
{
"name" : "ms-win-mhtml-info-disclosure(65000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65000"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka \"MHTML Mime-Formatted Request Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#326549",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/326549"
},
{
"name": "http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html",
"refsource": "MISC",
"url": "http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html"
},
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "46055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46055"
},
{
"name": "MS11-026",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx"
},
{
"name": "1025003",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025003"
},
{
"name": "oval:org.mitre.oval:def:6956",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/2501696.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/2501696.mspx"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx"
},
{
"name": "16071",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16071"
},
{
"name": "70693",
"refsource": "OSVDB",
"url": "http://osvdb.org/70693"
},
{
"name": "43093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43093"
},
{
"name": "ms-win-mhtml-info-disclosure(65000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65000"
},
{
"name": "ADV-2011-0242",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0242"
}
]
}
}

32
2011/0xxx/CVE-2011-0363.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0363",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0363",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2011/0xxx/CVE-2011-0998.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0998",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0998",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

218
2011/1xxx/CVE-2011-1233.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47233",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47233"
},
{
"name" : "71739",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71739"
},
{
"name" : "oval:org.mitre.oval:def:11812",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11812"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name" : "mswin-win32k-var21-priv-escalation(66415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66415"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "oval:org.mitre.oval:def:11812",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11812"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "71739",
"refsource": "OSVDB",
"url": "http://osvdb.org/71739"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "47233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47233"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "mswin-win32k-var21-priv-escalation(66415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66415"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
}
]
}
}

188
2011/1xxx/CVE-2011-1838.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110518 XSS vulnerability in TWiki < 5.0.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518038/100/0/threaded"
},
{
"name" : "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/",
"refsource" : "MISC",
"url" : "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/"
},
{
"name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838",
"refsource" : "CONFIRM",
"url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838"
},
{
"name" : "47899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47899"
},
{
"name" : "1025542",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025542"
},
{
"name" : "44594",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44594"
},
{
"name" : "8257",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8257"
},
{
"name" : "ADV-2011-1258",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1258"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838"
},
{
"name": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/"
},
{
"name": "1025542",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025542"
},
{
"name": "20110518 XSS vulnerability in TWiki < 5.0.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518038/100/0/threaded"
},
{
"name": "ADV-2011-1258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1258"
},
{
"name": "8257",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8257"
},
{
"name": "47899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47899"
},
{
"name": "44594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44594"
}
]
}
}

128
2011/4xxx/CVE-2011-4503.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.upnp-hacks.org/suspect.html",
"refsource" : "MISC",
"url" : "http://www.upnp-hacks.org/suspect.html"
},
{
"name" : "VU#357851",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/suspect.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}

118
2014/2xxx/CVE-2014-2417.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

32
2014/2xxx/CVE-2014-2924.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2924",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2924",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/3xxx/CVE-2014-3151.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3151",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3151",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2014/3xxx/CVE-2014-3920.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140702 Cross-Site Request Forgery (CSRF) in Kanboard",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23217",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23217"
},
{
"name" : "http://kanboard.net/news",
"refsource" : "CONFIRM",
"url" : "http://kanboard.net/news"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140702 Cross-Site Request Forgery (CSRF) in Kanboard",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532619/100/0/threaded"
},
{
"name": "http://kanboard.net/news",
"refsource": "CONFIRM",
"url": "http://kanboard.net/news"
},
{
"name": "https://www.htbridge.com/advisory/HTB23217",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23217"
}
]
}
}

138
2014/6xxx/CVE-2014-6135.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035"
},
{
"name" : "1031427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031427"
},
{
"name" : "ibm-appscan-cve20146135-clickjacking(96815)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96815"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031427"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035"
},
{
"name": "ibm-appscan-cve20146135-clickjacking(96815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96815"
}
]
}
}

32
2014/6xxx/CVE-2014-6156.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6156",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6156",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2014/6xxx/CVE-2014-6570.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "1031583",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031583"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031583"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}
}

138
2014/6xxx/CVE-2014-6813.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The klassens (aka com.mcreda.klassens.apps) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#814817",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/814817"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The klassens (aka com.mcreda.klassens.apps) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#814817",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/814817"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/6xxx/CVE-2014-6958.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#644449",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/644449"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#644449",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/644449"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/6xxx/CVE-2014-6961.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#315505",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/315505"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#315505",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/315505"
}
]
}
}

138
2014/7xxx/CVE-2014-7327.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#656329",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/656329"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#656329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/656329"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7533.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#396729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/396729"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#396729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/396729"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

32
2014/7xxx/CVE-2014-7684.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7684",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7684",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

188
2014/8xxx/CVE-2014-8111.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-3278",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3278"
},
{
"name" : "RHSA-2015:0846",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name" : "RHSA-2015:0847",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name" : "RHSA-2015:0848",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name" : "RHSA-2015:0849",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name" : "RHSA-2015:1641",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name" : "RHSA-2015:1642",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name" : "74265",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74265"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "DSA-3278",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:1642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "74265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74265"
}
]
}
}

32
2016/2xxx/CVE-2016-2137.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2137",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2137",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

118
2016/2xxx/CVE-2016-2304.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03"
}
]
}
}

32
2017/18xxx/CVE-2017-18156.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18156",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18156",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2017/1xxx/CVE-2017-1194.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IBM WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0, 8.0, 8.5, 9.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IBM WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0, 8.0, 8.5, 9.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22001226",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name" : "98142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98142"
},
{
"name" : "1038378",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038378"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98142"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001226",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038378"
}
]
}
}

286
2017/1xxx/CVE-2017-1306.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-28T00:00:00",
"ID" : "CVE-2017-1306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
},
{
"product_name" : "Rational Collaborative Lifecycle Management",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-28T00:00:00",
"ID": "CVE-2017-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
},
{
"product_name": "Rational Collaborative Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www-prd-trops.events.ibm.com/node/715749",
"refsource" : "CONFIRM",
"url" : "https://www-prd-trops.events.ibm.com/node/715749"
},
{
"name" : "ibm-rqm-cve20171306-xss(125460)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-rqm-cve20171306-xss(125460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460"
},
{
"name": "https://www-prd-trops.events.ibm.com/node/715749",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715749"
}
]
}
}

146
2017/1xxx/CVE-2017-1558.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-11T00:00:00",
"ID" : "CVE-2017-1558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
{
"version_value" : "7.5"
},
{
"version_value" : "7.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-11T00:00:00",
"ID": "CVE-2017-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010595",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"name" : "102211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102211"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102211"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010595",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
]
}
}

130
2017/1xxx/CVE-2017-1746.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-19T00:00:00",
"ID" : "CVE-2017-1746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tivoli Components",
"version" : {
"version_data" : [
{
"version_value" : "1.1.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-19T00:00:00",
"ID": "CVE-2017-1746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Components",
"version": {
"version_data": [
{
"version_value": "1.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135519",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135519"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22011308",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22011308"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135519",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135519"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22011308",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011308"
}
]
}
}

120
2017/5xxx/CVE-2017-5699.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-01-11T00:00:00",
"ID" : "CVE-2017-5699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MinnowBoard 3",
"version" : {
"version_data" : [
{
"version_value" : "before 0.65"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-11T00:00:00",
"ID": "CVE-2017-5699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MinnowBoard 3",
"version": {
"version_data": [
{
"version_value": "before 0.65"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html",
"refsource" : "CONFIRM",
"url" : "https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html",
"refsource": "CONFIRM",
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html"
}
]
}
}

118
2017/5xxx/CVE-2017-5873.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41",
"refsource" : "CONFIRM",
"url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41",
"refsource": "CONFIRM",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41"
}
]
}
}

32
2017/5xxx/CVE-2017-5922.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5922",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5922",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/5xxx/CVE-2017-5952.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5952",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5952",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}