admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:08:28 +00:00
parent f688e4351b
commit e1f1aa3d43
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3840 additions and 3840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2006/2xxx/CVE-2006-2049.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2049",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2049",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060425 DCForumLite V 3.0<--XSS/SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432010/100/0/threaded"
"name": "19815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19815"
},
{
"name" : "17697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17697"
"name": "17697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17697"
},
{
"name" : "ADV-2006-1532",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1532"
"name": "24988",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24988"
},
{
"name" : "24988",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24988"
"name": "792",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/792"
},
{
"name" : "19815",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19815"
"name": "ADV-2006-1532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1532"
},
{
"name" : "792",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/792"
"name": "20060425 DCForumLite V 3.0<--XSS/SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432010/100/0/threaded"
},
{
"name" : "dcforumlite-dcboard-xss(26083)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26083"
"name": "dcforumlite-dcboard-xss(26083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26083"
}
]
}

86
2006/2xxx/CVE-2006-2352.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2352",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2352",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "ADV-2006-1787",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1787"
"name": "whatsup-tools-deviceselection-xss(26501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26501"
},
{
"name" : "25471",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25471"
"name": "20075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20075"
},
{
"name" : "25472",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25472"
"name": "25471",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25471"
},
{
"name" : "20075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20075"
"name": "ADV-2006-1787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1787"
},
{
"name" : "whatsup-tools-deviceselection-xss(26501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26501"
"name": "25472",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25472"
}
]
}

80
2006/2xxx/CVE-2006-2683.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2683",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2683",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "1824",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1824"
"name": "ADV-2006-1977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1977"
},
{
"name" : "ADV-2006-1977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1977"
"name": "openmedium-404-file-include(26773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26773"
},
{
"name" : "20301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20301"
"name": "1824",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1824"
},
{
"name" : "openmedium-404-file-include(26773)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26773"
"name": "20301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20301"
}
]
}

86
2006/3xxx/CVE-2006-3079.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3079",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3079",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://pridels0.blogspot.com/2006/06/sspwiz-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/sspwiz-xss-vuln.html"
"name": "http://pridels0.blogspot.com/2006/06/sspwiz-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/sspwiz-xss-vuln.html"
},
{
"name" : "18482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18482"
"name": "sspwiz-index-xss(27149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27149"
},
{
"name" : "26532",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26532"
"name": "26532",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26532"
},
{
"name" : "20698",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20698"
"name": "18482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18482"
},
{
"name" : "sspwiz-index-xss(27149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27149"
"name": "20698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20698"
}
]
}

80
2006/3xxx/CVE-2006-3663.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3663",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3663",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6."
"lang": "eng",
"value": "Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060711 [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440128/100/0/threaded"
"name": "20060711 [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047797.html"
},
{
"name" : "20060711 [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047797.html"
"name": "finjan-backup-plaintext-password(27709)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27709"
},
{
"name" : "18940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18940"
"name": "20060711 [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440128/100/0/threaded"
},
{
"name" : "finjan-backup-plaintext-password(27709)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27709"
"name": "18940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18940"
}
]
}

92
2006/6xxx/CVE-2006-6154.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6154",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6154",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080730 HIOX Star Rating System 1.0 Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494928/100/0/threaded"
"name": "21280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21280"
},
{
"name" : "2838",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2838"
"name": "20080730 HIOX Star Rating System 1.0 Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494928/100/0/threaded"
},
{
"name" : "21280",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21280"
"name": "23078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23078"
},
{
"name" : "ADV-2006-4689",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4689"
"name": "ADV-2006-4689",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4689"
},
{
"name" : "23078",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23078"
"name": "hsrs-addcode-file-include(30527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30527"
},
{
"name" : "hsrs-addcode-file-include(30527)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30527"
"name": "2838",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2838"
}
]
}

80
2006/6xxx/CVE-2006-6240.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6240",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6240",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "21339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21339"
"name": "22921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22921"
},
{
"name" : "ADV-2006-4765",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4765"
"name": "sorinchitu-unspecified-directory-traversal(30582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30582"
},
{
"name" : "22921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22921"
"name": "21339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21339"
},
{
"name" : "sorinchitu-unspecified-directory-traversal(30582)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30582"
"name": "ADV-2006-4765",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4765"
}
]
}

74
2006/6xxx/CVE-2006-6261.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6261",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6261",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields."
"lang": "eng",
"value": "Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "2860",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2860"
"name": "2860",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2860"
},
{
"name" : "21331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21331"
"name": "21331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21331"
},
{
"name" : "quintessential-player-code-execution(30559)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30559"
"name": "quintessential-player-code-execution(30559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30559"
}
]
}

80
2006/6xxx/CVE-2006-6459.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6459",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6459",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action)."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061208 PhpBB Toplist 1.3.7 Xss Vuln.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453923/100/0/threaded"
"name": "2015",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2015"
},
{
"name" : "21506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21506"
"name": "21506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21506"
},
{
"name" : "2015",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2015"
"name": "20061208 PhpBB Toplist 1.3.7 Xss Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453923/100/0/threaded"
},
{
"name" : "phpbbtoplist-toplist-xss(30808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30808"
"name": "phpbbtoplist-toplist-xss(30808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30808"
}
]
}

74
2006/6xxx/CVE-2006-6900.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6900",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6900",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an \"implementation bug.\""
"lang": "eng",
"value": "Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an \"implementation bug.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name" : "37608",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37608"
"name": "37608",
"refsource": "OSVDB",
"url": "http://osvdb.org/37608"
}
]
}

98
2006/6xxx/CVE-2006-6925.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6925",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6925",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html"
"name": "ADV-2006-4485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4485"
},
{
"name" : "20988",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20988"
"name": "20996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20996"
},
{
"name" : "20996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20996"
"name": "20988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20988"
},
{
"name" : "ADV-2006-4485",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4485"
"name": "22793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22793"
},
{
"name" : "22793",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22793"
"name": "bitweaver-edit-post-xss(30167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30167"
},
{
"name" : "2144",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2144"
"name": "20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html"
},
{
"name" : "bitweaver-edit-post-xss(30167)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30167"
"name": "2144",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2144"
}
]
}

86
2006/7xxx/CVE-2006-7073.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7073",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7073",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=66311&release_id=445469",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=66311&release_id=445469"
"name": "21787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21787"
},
{
"name" : "19888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19888"
"name": "attachment-uploaded-xss(28788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28788"
},
{
"name" : "ADV-2006-3499",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3499"
"name": "ADV-2006-3499",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3499"
},
{
"name" : "21787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21787"
"name": "http://sourceforge.net/project/shownotes.php?group_id=66311&release_id=445469",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=66311&release_id=445469"
},
{
"name" : "attachment-uploaded-xss(28788)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28788"
"name": "19888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19888"
}
]
}

22
2011/0xxx/CVE-2011-0023.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0023",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0023",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2011/0xxx/CVE-2011-0334.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0334",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-0334",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file."
"lang": "eng",
"value": "Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://secunia.com/secunia_research/2011-67/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-67/"
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678939",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678939"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7009210",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7009210"
"name": "http://www.novell.com/support/viewContent.do?externalId=7009210",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7009210"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=678939",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=678939"
"name": "http://secunia.com/secunia_research/2011-67/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-67/"
}
]
}

206
2011/0xxx/CVE-2011-0611.json
View File

@ -1,181 +1,181 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0611",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0611",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
"lang": "eng",
"value": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "17175",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17175"
"name": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
"refsource": "MISC",
"url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
},
{
"name" : "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html",
"refsource" : "MISC",
"url" : "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
"name": "oval:org.mitre.oval:def:14175",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
},
{
"name" : "http://secunia.com/blog/210/",
"refsource" : "MISC",
"url" : "http://secunia.com/blog/210/"
"name": "47314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47314"
},
{
"name" : "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
"name": "http://secunia.com/blog/210/",
"refsource": "MISC",
"url": "http://secunia.com/blog/210/"
},
{
"name" : "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
"refsource" : "MISC",
"url" : "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
"name": "8204",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8204"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa11-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa11-02.html"
"name": "ADV-2011-0922",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0922"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
"name": "RHSA-2011:0451",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
"name": "SUSE-SA:2011:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
"name": "http://www.adobe.com/support/security/bulletins/apsb11-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
},
{
"name" : "RHSA-2011:0451",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
"name": "8292",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8292"
},
{
"name" : "SUSE-SA:2011:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
"name": "44149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44149"
},
{
"name" : "VU#230057",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/230057"
"name": "44141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44141"
},
{
"name" : "47314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47314"
"name": "adobe-flash-swf-doc-ce(66681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
},
{
"name" : "oval:org.mitre.oval:def:14175",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
"name": "ADV-2011-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0924"
},
{
"name" : "1025324",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025324"
"name": "1025325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025325"
},
{
"name" : "1025325",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025325"
"name": "17175",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17175"
},
{
"name" : "44141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44141"
"name": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
},
{
"name" : "44149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44149"
"name": "44119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44119"
},
{
"name" : "44119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44119"
"name": "VU#230057",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/230057"
},
{
"name" : "8204",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8204"
"name": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html",
"refsource": "MISC",
"url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
},
{
"name" : "8292",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8292"
"name": "ADV-2011-0923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0923"
},
{
"name" : "ADV-2011-0922",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0922"
"name": "http://www.adobe.com/support/security/advisories/apsa11-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
},
{
"name" : "ADV-2011-0923",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0923"
"name": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
},
{
"name" : "ADV-2011-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0924"
"name": "http://www.adobe.com/support/security/bulletins/apsb11-08.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
},
{
"name" : "adobe-flash-swf-doc-ce(66681)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
"name": "1025324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025324"
}
]
}

92
2011/1xxx/CVE-2011-1197.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1197",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1197",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
"lang": "eng",
"value": "Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=72028",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=72028"
"name": "google-table-painting-dos(65961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65961"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name" : "46785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46785"
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name" : "oval:org.mitre.oval:def:14703",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14703"
"name": "http://code.google.com/p/chromium/issues/detail?id=72028",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=72028"
},
{
"name" : "ADV-2011-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0628"
"name": "oval:org.mitre.oval:def:14703",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14703"
},
{
"name" : "google-table-painting-dos(65961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65961"
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}

68
2011/1xxx/CVE-2011-1270.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1270",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1270",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"Presentation Buffer Overrun RCE Vulnerability.\""
"lang": "eng",
"value": "Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka \"Presentation Buffer Overrun RCE Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS11-036",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
"name": "MS11-036",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-036"
},
{
"name" : "oval:org.mitre.oval:def:12256",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12256"
"name": "oval:org.mitre.oval:def:12256",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12256"
}
]
}

146
2011/1xxx/CVE-2011-1574.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1574",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1574",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file."
"lang": "eng",
"value": "Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20110411 CVE request for libmodplug",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/11/6"
"name": "USN-1148-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/USN-1148-1/"
},
{
"name" : "[oss-security] 20110411 Re: CVE request for libmodplug",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/11/13"
"name": "[oss-security] 20110411 Re: CVE request for libmodplug",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/13"
},
{
"name" : "https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt"
"name": "GLSA-201203-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091"
},
{
"name" : "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=aecef259828a89bb00c2e6f78e89de7363b2237b",
"refsource" : "CONFIRM",
"url" : "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=aecef259828a89bb00c2e6f78e89de7363b2237b"
"name": "https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695420",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695420"
"name": "44870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44870"
},
{
"name" : "DSA-2226",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2226"
"name": "[oss-security] 20110411 CVE request for libmodplug",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/11/6"
},
{
"name" : "GLSA-201203-16",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695420",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695420"
},
{
"name" : "MDVSA-2011:085",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:085"
"name": "1025480",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025480"
},
{
"name" : "RHSA-2011:0477",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2011-0477.html"
"name": "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=aecef259828a89bb00c2e6f78e89de7363b2237b",
"refsource": "CONFIRM",
"url": "http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=aecef259828a89bb00c2e6f78e89de7363b2237b"
},
{
"name" : "USN-1148-1",
"refsource" : "UBUNTU",
"url" : "https://www.ubuntu.com/usn/USN-1148-1/"
"name": "48434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48434"
},
{
"name" : "1025480",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025480"
"name": "DSA-2226",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2226"
},
{
"name" : "44870",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44870"
"name": "8243",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8243"
},
{
"name" : "48434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48434"
"name": "RHSA-2011:0477",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2011-0477.html"
},
{
"name" : "8243",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8243"
"name": "MDVSA-2011:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:085"
}
]
}

68
2011/3xxx/CVE-2011-3247.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3247",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3247",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file."
"lang": "eng",
"value": "Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT5016",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5016"
"name": "http://support.apple.com/kb/HT5016",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5016"
},
{
"name" : "oval:org.mitre.oval:def:16071",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16071"
"name": "oval:org.mitre.oval:def:16071",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16071"
}
]
}

86
2011/3xxx/CVE-2011-3830.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3830",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-3830",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://secunia.com/secunia_research/2011-76/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2011-76/"
"name": "50632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50632"
},
{
"name" : "50632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50632"
"name": "sit-search-xss(71234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
},
{
"name" : "77000",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77000"
"name": "http://secunia.com/secunia_research/2011-76/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-76/"
},
{
"name" : "45453",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45453"
"name": "45453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45453"
},
{
"name" : "sit-search-xss(71234)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
"name": "77000",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77000"
}
]
}

22
2011/4xxx/CVE-2011-4456.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4456",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4456",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4313. Reason: This candidate is a reservation duplicate of CVE-2011-4313. Notes: All CVE users should reference CVE-2011-4313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4313. Reason: This candidate is a reservation duplicate of CVE-2011-4313. Notes: All CVE users should reference CVE-2011-4313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

74
2011/4xxx/CVE-2011-4563.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4563",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4563",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.jakcms.com/tracker/t/62/cross-site-scripting-flaw",
"refsource" : "CONFIRM",
"url" : "http://www.jakcms.com/tracker/t/62/cross-site-scripting-flaw"
"name": "50034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50034"
},
{
"name" : "50034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50034"
"name": "http://www.jakcms.com/tracker/t/62/cross-site-scripting-flaw",
"refsource": "CONFIRM",
"url": "http://www.jakcms.com/tracker/t/62/cross-site-scripting-flaw"
},
{
"name" : "46378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46378"
"name": "46378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46378"
}
]
}

86
2011/4xxx/CVE-2011-4672.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4672",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4672",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520572/100/0/threaded"
"name": "validtinyerp-searchfield-sql-injection(71402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71402"
},
{
"name" : "18128",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18128"
"name": "50732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50732"
},
{
"name" : "20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Nov/303"
"name": "18128",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18128"
},
{
"name" : "50732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50732"
"name": "20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520572/100/0/threaded"
},
{
"name" : "validtinyerp-searchfield-sql-injection(71402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71402"
"name": "20111119 Valid tiny-erp <= 1.6 SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Nov/303"
}
]
}

98
2011/4xxx/CVE-2011-4956.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4956",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4956",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/6"
"name": "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/17"
},
{
"name" : "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/17"
"name": "44038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44038"
},
{
"name" : "http://wordpress.org/news/2011/04/wordpress-3-1-1/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2011/04/wordpress-3-1-1/"
"name": "http://wordpress.org/news/2011/04/wordpress-3-1-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2011/04/wordpress-3-1-1/"
},
{
"name" : "DSA-2470",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2470"
"name": "49138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49138"
},
{
"name" : "72141",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/72141"
"name": "[oss-security] 20120419 Re: CVE-request: WordPress 3.1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/6"
},
{
"name" : "44038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44038"
"name": "DSA-2470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2470"
},
{
"name" : "49138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49138"
"name": "72141",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72141"
}
]
}

22
2011/4xxx/CVE-2011-4988.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4988",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-4988",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}

62
2013/5xxx/CVE-2013-5059.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5059",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-5059",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerabilities.\""
"lang": "eng",
"value": "Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerabilities.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS13-100",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100"
"name": "MS13-100",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-100"
}
]
}

22
2013/5xxx/CVE-2013-5085.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5085",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5085",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

74
2013/5xxx/CVE-2013-5500.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5500",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5500",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130919 Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5500"
"name": "20130919 Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5500"
},
{
"name" : "62575",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62575"
"name": "1029064",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029064"
},
{
"name" : "1029064",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029064"
"name": "62575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62575"
}
]
}

22
2013/5xxx/CVE-2013-5518.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5518",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5518",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2013/5xxx/CVE-2013-5551.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5551",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5551",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199."
"lang": "eng",
"value": "Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131029 Cisco ASA Clientless SSL VPN Rewriter Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5551"
"name": "20131029 Cisco ASA Clientless SSL VPN Rewriter Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5551"
}
]
}

22
2013/5xxx/CVE-2013-5661.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5661",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5661",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2014/2xxx/CVE-2014-2222.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2222",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2222",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

152
2014/2xxx/CVE-2014-2403.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2403",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2403",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
"name": "USN-2187-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name" : "DSA-2912",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2912"
"name": "RHSA-2014:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name": "USN-2191-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name" : "HPSBUX03092",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name": "RHSA-2014:0413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name" : "SSRT101668",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "RHSA-2014:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
"name": "HPSBUX03092",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "RHSA-2014:0685",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
"name": "RHSA-2014:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name" : "RHSA-2014:0413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0413"
"name": "66918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66918"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
"name": "DSA-2912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2912"
},
{
"name" : "USN-2191-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2191-1"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "USN-2187-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2187-1"
"name": "58415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58415"
},
{
"name" : "66918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66918"
"name": "SSRT101668",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "58415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58415"
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}

74
2014/2xxx/CVE-2014-2434.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2434",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2434",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
"name": "66872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66872"
},
{
"name" : "GLSA-201409-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "66872",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66872"
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}

68
2014/2xxx/CVE-2014-2670.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2670",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2670",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#140886",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/140886"
"name": "66499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66499"
},
{
"name" : "66499",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66499"
"name": "VU#140886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/140886"
}
]
}

22
2014/2xxx/CVE-2014-2898.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2898",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2898",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

110
2014/2xxx/CVE-2014-2913.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments."
"lang": "eng",
"value": "** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140417 NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/240"
"name": "openSUSE-SU-2014:0603",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html"
},
{
"name" : "20140418 Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/242"
"name": "66969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66969"
},
{
"name" : "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/154"
"name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/155"
},
{
"name" : "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/155"
"name": "FEDORA-2015-15398",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html"
},
{
"name" : "FEDORA-2015-15398",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html"
"name": "openSUSE-SU-2014:0594",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html"
},
{
"name" : "openSUSE-SU-2014:0594",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html"
"name": "SUSE-SU-2014:0682",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html"
},
{
"name" : "openSUSE-SU-2014:0603",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html"
"name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/154"
},
{
"name" : "SUSE-SU-2014:0682",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html"
"name": "20140417 NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/240"
},
{
"name" : "66969",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66969"
"name": "20140418 Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/242"
}
]
}

98
2014/6xxx/CVE-2014-6414.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6414",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6414",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors."
"lang": "eng",
"value": "OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20140916 CVE request for vulnerability in OpenStack Neutron",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/15/5"
"name": "https://bugs.launchpad.net/neutron/+bug/1357379",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/neutron/+bug/1357379"
},
{
"name" : "https://bugs.launchpad.net/neutron/+bug/1357379",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/neutron/+bug/1357379"
"name": "[oss-security] 20140916 CVE request for vulnerability in OpenStack Neutron",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/15/5"
},
{
"name" : "RHSA-2014:1686",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1686.html"
"name": "RHSA-2014:1686",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1686.html"
},
{
"name" : "RHSA-2014:1785",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1785.html"
"name": "RHSA-2014:1786",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1786.html"
},
{
"name" : "RHSA-2014:1786",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1786.html"
"name": "RHSA-2014:1785",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1785.html"
},
{
"name" : "USN-2408-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2408-1"
"name": "USN-2408-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2408-1"
},
{
"name" : "62299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62299"
"name": "62299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62299"
}
]
}

74
2014/6xxx/CVE-2014-6884.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6884",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6884",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
"name": "VU#563313",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/563313"
},
{
"name" : "VU#563313",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/563313"
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}

92
2014/7xxx/CVE-2014-7284.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7284",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7284",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values."
"lang": "eng",
"value": "The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20141001 CVE Request: linux kernel net_get_random_once bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/01/19"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1148788",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148788"
},
{
"name" : "https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/",
"refsource" : "MISC",
"url" : "https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/"
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d4405226d27b3a215e4d03cfa51f536244e5de7",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d4405226d27b3a215e4d03cfa51f536244e5de7"
"name": "[oss-security] 20141001 CVE Request: linux kernel net_get_random_once bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/01/19"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
"name": "https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1148788",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1148788"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d4405226d27b3a215e4d03cfa51f536244e5de7",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d4405226d27b3a215e4d03cfa51f536244e5de7"
},
{
"name" : "https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7"
"name": "https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7"
}
]
}

22
2014/7xxx/CVE-2014-7738.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7738",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7738",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}

68
2017/0xxx/CVE-2017-0334.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2017-0334",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0334",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Kernel-3.18"
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. References: N-CVE-2017-0334."
"lang": "eng",
"value": "An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. References: N-CVE-2017-0334."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure Vulnerability"
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01.html"
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
}
]
}

70
2017/0xxx/CVE-2017-0674.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-07-05T00:00:00",
"ID" : "CVE-2017-0674",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-07-05T00:00:00",
"ID": "CVE-2017-0674",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
"version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163."
"lang": "eng",
"value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote code execution"
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99478",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99478"
"name": "99478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99478"
}
]
}

82
2017/0xxx/CVE-2017-0794.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0794",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0794",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Android kernel"
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812."
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "USN-3798-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3798-2/"
"name": "100667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100667"
},
{
"name" : "USN-3798-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3798-1/"
"name": "USN-3798-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-1/"
},
{
"name" : "100667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100667"
"name": "USN-3798-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-2/"
}
]
}

70
2017/0xxx/CVE-2017-0913.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-05-24T00:00:00",
"ID" : "CVE-2017-0913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-05-24T00:00:00",
"ID": "CVE-2017-0913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"."
"lang": "eng",
"value": "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814",
"refsource" : "MISC",
"url" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
"name": "https://hackerone.com/reports/301406",
"refsource": "MISC",
"url": "https://hackerone.com/reports/301406"
},
{
"name" : "https://hackerone.com/reports/301406",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/301406"
"name": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814",
"refsource": "MISC",
"url": "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814"
}
]
}

66
2017/1000xxx/CVE-2017-1000006.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.260064",
"ID" : "CVE-2017-1000006",
"REQUESTER" : "jody@plot.ly",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.260064",
"ID": "CVE-2017-1000006",
"REQUESTER": "jody@plot.ly",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "plotly.js",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "Versions prior to 1.16.0, other than 1.10.4 and newer"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Plotly, Inc."
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue."
"lang": "eng",
"value": "Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/",
"refsource" : "CONFIRM",
"url" : "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/"
"name": "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/",
"refsource": "CONFIRM",
"url": "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/"
}
]
}

78
2017/1000xxx/CVE-2017-1000255.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-10-02",
"ID" : "CVE-2017-1000255",
"REQUESTER" : "mpe@ellerman.id.au",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-10-02",
"ID": "CVE-2017-1000255",
"REQUESTER": "mpe@ellerman.id.au",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "v4.9-rc1 and later (introduced in commit 5d176f751ee3c6eededd984ad409bff201f436a7)"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Linux Kernel"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: \"5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)\" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable."
"lang": "eng",
"value": "On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: \"5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)\" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-20"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://access.redhat.com/security/cve/CVE-2017-1000255",
"refsource" : "MISC",
"url" : "https://access.redhat.com/security/cve/CVE-2017-1000255"
"name": "RHSA-2018:0654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name" : "RHSA-2018:0654",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0654"
"name": "https://access.redhat.com/security/cve/CVE-2017-1000255",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000255"
},
{
"name" : "101264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101264"
"name": "101264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101264"
}
]
}

80
2017/18xxx/CVE-2017-18001.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18001",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18001",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI."
"lang": "eng",
"value": "Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44047",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44047/"
"name": "http://seclists.org/fulldisclosure/2017/Dec/88",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/88"
},
{
"name" : "http://seclists.org/fulldisclosure/2017/Dec/88",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Dec/88"
"name": "https://blogs.securiteam.com/index.php/archives/3550",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3550"
},
{
"name" : "https://blogs.securiteam.com/index.php/archives/3550",
"refsource" : "MISC",
"url" : "https://blogs.securiteam.com/index.php/archives/3550"
"name": "https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/"
},
{
"name" : "https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/"
"name": "44047",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44047/"
}
]
}

68
2017/18xxx/CVE-2017-18100.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"ID" : "CVE-2017-18100",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"ID": "CVE-2017-18100",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters."
"lang": "eng",
"value": "The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jira.atlassian.com/browse/JRASERVER-67106",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-67106"
"name": "https://jira.atlassian.com/browse/JRASERVER-67106",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-67106"
},
{
"name" : "103729",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103729"
"name": "103729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103729"
}
]
}

74
2017/18xxx/CVE-2017-18303.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18303",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18303",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value" : "MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20"
"version_value": "MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20."
"lang": "eng",
"value": "While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in Sensors"
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in Sensors"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name" : "1041432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041432"
"name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
}
]
}

22
2017/1xxx/CVE-2017-1061.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1061",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1061",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2017/1xxx/CVE-2017-1304.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1304",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1304",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Elastic Storage Server",
"version" : {
"version_data" : [
"product_name": "Elastic Storage Server",
"version": {
"version_data": [
{
"version_value" : "2.0"
"version_value": "2.0"
},
{
"version_value" : "2.5"
"version_value": "2.5"
},
{
"version_value" : "3.0"
"version_value": "3.0"
},
{
"version_value" : "3.5"
"version_value": "3.5"
},
{
"version_value" : "4.0"
"version_value": "4.0"
},
{
"version_value" : "4.5"
"version_value": "4.5"
},
{
"version_value" : "5.0"
"version_value": "5.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458."
"lang": "eng",
"value": "IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service"
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125458",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125458"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125458",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125458"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010230",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010230"
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010230",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010230"
},
{
"name" : "99274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99274"
"name": "99274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99274"
}
]
}

100
2017/1xxx/CVE-2017-1335.json
View File

@ -1,108 +1,108 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-27T00:00:00",
"ID" : "CVE-2017-1335",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-27T00:00:00",
"ID": "CVE-2017-1335",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value" : "4.0.3"
"version_value": "4.0.3"
},
{
"version_value" : "4.0.4"
"version_value": "4.0.4"
},
{
"version_value" : "4.0.5"
"version_value": "4.0.5"
},
{
"version_value" : "4.0.6"
"version_value": "4.0.6"
},
{
"version_value" : "5.0"
"version_value": "5.0"
},
{
"version_value" : "4.0.7"
"version_value": "4.0.7"
},
{
"version_value" : "5.0.1"
"version_value": "5.0.1"
},
{
"version_value" : "5.0.2"
"version_value": "5.0.2"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243."
"lang": "eng",
"value": "IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126243",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126243"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008785",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008785"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22008785",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22008785"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126243",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126243"
},
{
"name" : "101062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101062"
"name": "101062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101062"
}
]
}

22
2017/4xxx/CVE-2017-4450.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4450",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4450",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

22
2017/4xxx/CVE-2017-4572.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4572",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4572",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

22
2017/5xxx/CVE-2017-5281.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5281",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5281",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

82
2017/5xxx/CVE-2017-5417.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5417",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5417",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52"
"version_affected": "<",
"version_value": "52"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
"vendor_name": "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52."
"lang": "eng",
"value": "When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Addressbar spoofing by draging and dropping URLs"
"lang": "eng",
"value": "Addressbar spoofing by draging and dropping URLs"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=791597",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=791597"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=791597",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=791597"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
},
{
"name" : "96692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96692"
"name": "1037966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037966"
},
{
"name" : "1037966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037966"
"name": "96692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96692"
}
]
}

70
2017/5xxx/CVE-2017-5788.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-03-13T00:00:00",
"ID" : "CVE-2017-5788",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-03-13T00:00:00",
"ID": "CVE-2017-5788",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "NonStop Software Essentials",
"version" : {
"version_data" : [
"product_name": "NonStop Software Essentials",
"version": {
"version_data": [
{
"version_value" : "T0894 T0894H02 through T0894H02^AAI"
"version_value": "T0894 T0894H02 through T0894H02^AAI"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found."
"lang": "eng",
"value": "A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Local Disclosure of Sensitive Information"
"lang": "eng",
"value": "Local Disclosure of Sensitive Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us"
"name": "1038026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038026"
},
{
"name" : "1038026",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038026"
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03708en_us"
}
]
}