admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:42:14 +00:00
parent f7b9d251af
commit e2f2e8a6fc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4220 additions and 4220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
2006/0xxx/CVE-2006-0227.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm"
},
{
"name" : "102033",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102033-1"
},
{
"name" : "16245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16245"
},
{
"name" : "ADV-2006-0200",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0200"
},
{
"name" : "22441",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22441"
},
{
"name" : "22442",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22442"
},
{
"name" : "oval:org.mitre.oval:def:662",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A662"
},
{
"name" : "1015492",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015492"
},
{
"name" : "18498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18498"
},
{
"name" : "19087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19087"
},
{
"name" : "solaris-lpsched-dos(24127)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:662",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A662"
},
{
"name": "22441",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22441"
},
{
"name": "102033",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102033-1"
},
{
"name": "ADV-2006-0200",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0200"
},
{
"name": "1015492",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015492"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm"
},
{
"name": "16245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16245"
},
{
"name": "solaris-lpsched-dos(24127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24127"
},
{
"name": "19087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19087"
},
{
"name": "22442",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22442"
},
{
"name": "18498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18498"
}
]
}
}

170
2006/0xxx/CVE-2006-0413.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060122 Newsphp Multiple SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423129/100/0/threaded"
},
{
"name" : "16339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16339"
},
{
"name" : "ADV-2006-0341",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0341"
},
{
"name" : "22717",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22717"
},
{
"name" : "18624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18624"
},
{
"name" : "newsphp-index-sql-injection(24320)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22717"
},
{
"name": "20060122 Newsphp Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423129/100/0/threaded"
},
{
"name": "18624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18624"
},
{
"name": "newsphp-index-sql-injection(24320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24320"
},
{
"name": "ADV-2006-0341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0341"
},
{
"name": "16339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16339"
}
]
}
}

210
2006/0xxx/CVE-2006-0961.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as \"Cilem News,\" although that does not appear to be the proper name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060224 Advisory: CilemNews System <= 1.1 Remote SQL",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=114079912721723&w=2"
},
{
"name" : "20060224 Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0449.html"
},
{
"name" : "1562",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1562"
},
{
"name" : "http://www.nukedx.com/?viewdoc=10",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?viewdoc=10"
},
{
"name" : "16813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16813"
},
{
"name" : "ADV-2006-0881",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0881"
},
{
"name" : "23618",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23618"
},
{
"name" : "1015677",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015677"
},
{
"name" : "19157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19157"
},
{
"name" : "cilemnews-sql-injection(24920)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as \"Cilem News,\" although that does not appear to be the proper name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16813"
},
{
"name": "1015677",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015677"
},
{
"name": "23618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23618"
},
{
"name": "20060224 Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0449.html"
},
{
"name": "http://www.nukedx.com/?viewdoc=10",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=10"
},
{
"name": "1562",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1562"
},
{
"name": "20060224 Advisory: CilemNews System <= 1.1 Remote SQL",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=114079912721723&w=2"
},
{
"name": "cilemnews-sql-injection(24920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24920"
},
{
"name": "ADV-2006-0881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0881"
},
{
"name": "19157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19157"
}
]
}
}

160
2006/3xxx/CVE-2006-3062.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060609 myPHP Guestbook 2.0.2 XSS Vulnerabilitie",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436842/100/0/threaded"
},
{
"name" : "ADV-2006-2308",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2308"
},
{
"name" : "20572",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20572"
},
{
"name" : "1110",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1110"
},
{
"name" : "myphpguestbook-index-xss(27074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "myphpguestbook-index-xss(27074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27074"
},
{
"name": "ADV-2006-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2308"
},
{
"name": "20572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20572"
},
{
"name": "1110",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1110"
},
{
"name": "20060609 myPHP Guestbook 2.0.2 XSS Vulnerabilitie",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436842/100/0/threaded"
}
]
}
}

170
2006/3xxx/CVE-2006-3305.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html"
},
{
"name" : "18643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18643"
},
{
"name" : "22375",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22375"
},
{
"name" : "ADV-2006-2513",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2513"
},
{
"name" : "20804",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20804"
},
{
"name" : "uebimiau-multiple-scripts-xss(27371)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "uebimiau-multiple-scripts-xss(27371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27371"
},
{
"name": "18643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18643"
},
{
"name": "20804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20804"
},
{
"name": "http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html"
},
{
"name": "ADV-2006-2513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2513"
},
{
"name": "22375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22375"
}
]
}
}

190
2006/3xxx/CVE-2006-3690.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060715 MiniBB Forum <= 1.5a Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440132/100/0/threaded"
},
{
"name" : "2030",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2030"
},
{
"name" : "http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt"
},
{
"name" : "18998",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18998"
},
{
"name" : "28594",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28594"
},
{
"name" : "1016507",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016507"
},
{
"name" : "1245",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1245"
},
{
"name" : "minibb-multiple-scripts-file-include(27749)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016507",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016507"
},
{
"name": "2030",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2030"
},
{
"name": "1245",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1245"
},
{
"name": "http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv39-matdhule-2006.txt"
},
{
"name": "20060715 MiniBB Forum <= 1.5a Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440132/100/0/threaded"
},
{
"name": "18998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18998"
},
{
"name": "minibb-multiple-scripts-file-include(27749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27749"
},
{
"name": "28594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28594"
}
]
}
}

320
2006/4xxx/CVE-2006-4192.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442721/100/100/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/mptho-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/mptho-adv.txt"
},
{
"name" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=497154",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=497154"
},
{
"name" : "GLSA-200612-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200612-04.xml"
},
{
"name" : "MDKSA-2007:001",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:001"
},
{
"name" : "RHSA-2011:0477",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2011-0477.html"
},
{
"name" : "SUSE-SR:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name" : "USN-521-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-521-1"
},
{
"name" : "19448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19448"
},
{
"name" : "ADV-2006-3231",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3231"
},
{
"name" : "ADV-2006-4310",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4310"
},
{
"name" : "21418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21418"
},
{
"name" : "22658",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22658"
},
{
"name" : "22080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22080"
},
{
"name" : "23294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23294"
},
{
"name" : "23555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23555"
},
{
"name" : "26979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26979"
},
{
"name" : "1397",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1397"
},
{
"name" : "openmpt-loadit-bo(28305)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28305"
},
{
"name" : "openmpt-readsample-bo(28309)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21418"
},
{
"name": "openmpt-readsample-bo(28309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28309"
},
{
"name": "GLSA-200612-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-04.xml"
},
{
"name": "19448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19448"
},
{
"name": "USN-521-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-521-1"
},
{
"name": "SUSE-SR:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html"
},
{
"name": "http://aluigi.altervista.org/adv/mptho-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/mptho-adv.txt"
},
{
"name": "22658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22658"
},
{
"name": "20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442721/100/100/threaded"
},
{
"name": "23555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23555"
},
{
"name": "22080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22080"
},
{
"name": "ADV-2006-4310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4310"
},
{
"name": "http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=bc2cdd57d549ab3ba59782e9b395d0cd683fd3ac"
},
{
"name": "MDKSA-2007:001",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:001"
},
{
"name": "1397",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1397"
},
{
"name": "26979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26979"
},
{
"name": "RHSA-2011:0477",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2011-0477.html"
},
{
"name": "23294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23294"
},
{
"name": "ADV-2006-3231",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3231"
},
{
"name": "openmpt-loadit-bo(28305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28305"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=497154",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497154"
}
]
}
}

350
2006/4xxx/CVE-2006-4514.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061130 Multiple Vendor libgsf Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446"
},
{
"name" : "20061214 rPSA-2006-0232-1 libgsf",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454389/30/9210/threaded"
},
{
"name" : "https://issues.rpath.com/browse/RPL-857",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-857"
},
{
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name" : "DSA-1221",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1221"
},
{
"name" : "GLSA-200612-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200612-13.xml"
},
{
"name" : "MDKSA-2006:220",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:220"
},
{
"name" : "RHSA-2007:0011",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0011.html"
},
{
"name" : "20070101-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc"
},
{
"name" : "SUSE-SA:2006:076",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0005.html"
},
{
"name" : "USN-391-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-391-1"
},
{
"name" : "21358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21358"
},
{
"name" : "oval:org.mitre.oval:def:9413",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9413"
},
{
"name" : "ADV-2006-4784",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4784"
},
{
"name" : "23164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23164"
},
{
"name" : "23166",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23166"
},
{
"name" : "23167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23167"
},
{
"name" : "23227",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23227"
},
{
"name" : "23355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23355"
},
{
"name" : "23337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23337"
},
{
"name" : "23352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23352"
},
{
"name" : "23686",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23686"
},
{
"name" : "23920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23920"
},
{
"name" : "libgsf-metabat-bo(30611)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30611"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.rpath.com/browse/RPL-857",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-857"
},
{
"name": "RHSA-2007:0011",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0011.html"
},
{
"name": "23167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23167"
},
{
"name": "23920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23920"
},
{
"name": "23352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23352"
},
{
"name": "GLSA-200612-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-13.xml"
},
{
"name": "USN-391-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-391-1"
},
{
"name": "23227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23227"
},
{
"name": "21358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21358"
},
{
"name": "MDKSA-2006:220",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:220"
},
{
"name": "20061130 Multiple Vendor libgsf Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446"
},
{
"name": "libgsf-metabat-bo(30611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30611"
},
{
"name": "ADV-2006-4784",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4784"
},
{
"name": "SUSE-SA:2006:076",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Dec/0005.html"
},
{
"name": "20061214 rPSA-2006-0232-1 libgsf",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454389/30/9210/threaded"
},
{
"name": "23166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23166"
},
{
"name": "23337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23337"
},
{
"name": "oval:org.mitre.oval:def:9413",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9413"
},
{
"name": "23355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23355"
},
{
"name": "DSA-1221",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1221"
},
{
"name": "23164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23164"
},
{
"name": "23686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23686"
},
{
"name": "20070101-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
}

140
2006/4xxx/CVE-2006-4591.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060901 SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445156/100/0/threaded"
},
{
"name" : "19769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19769"
},
{
"name" : "1509",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19769"
},
{
"name": "20060901 SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445156/100/0/threaded"
},
{
"name": "1509",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1509"
}
]
}
}

130
2006/4xxx/CVE-2006-4621.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-3426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3426"
},
{
"name" : "21678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21678"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3426"
},
{
"name": "21678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21678"
}
]
}
}

170
2006/4xxx/CVE-2006-4923.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060919 eSyndiCat Portal System XSS Vuln.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446377/100/0/threaded"
},
{
"name" : "20106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20106"
},
{
"name" : "ADV-2006-3710",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3710"
},
{
"name" : "21979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21979"
},
{
"name" : "1618",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1618"
},
{
"name" : "esyndicat-search-xss(29026)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3710",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3710"
},
{
"name": "21979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21979"
},
{
"name": "20106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20106"
},
{
"name": "esyndicat-search-xss(29026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29026"
},
{
"name": "1618",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1618"
},
{
"name": "20060919 eSyndiCat Portal System XSS Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446377/100/0/threaded"
}
]
}
}

160
2006/4xxx/CVE-2006-4947.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4947",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"lack of validation on output.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/85050",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/85050"
},
{
"name" : "20126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20126"
},
{
"name" : "ADV-2006-3715",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3715"
},
{
"name" : "22021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22021"
},
{
"name" : "searchkeywords-parameters-xss(29063)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29063"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"lack of validation on output.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/85050",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/85050"
},
{
"name": "searchkeywords-parameters-xss(29063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29063"
},
{
"name": "ADV-2006-3715",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3715"
},
{
"name": "22021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22021"
},
{
"name": "20126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20126"
}
]
}
}

130
2006/6xxx/CVE-2006-6438.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"
},
{
"name" : "23265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23265"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"
}
]
}
}

140
2006/7xxx/CVE-2006-7062.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name" : "25065",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25065"
},
{
"name" : "kmail-calendar-path-disclosure(26120)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html"
},
{
"name": "kmail-calendar-path-disclosure(26120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26120"
},
{
"name": "25065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25065"
}
]
}
}

180
2010/2xxx/CVE-2010-2190.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "HPSBOV02763",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SSRT100826",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "SUSE-SR:2010:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name" : "php-substrreplace-info-disclosure(59220)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59220"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html"
},
{
"name": "php-substrreplace-info-disclosure(59220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59220"
},
{
"name": "http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}

130
2010/2xxx/CVE-2010-2257.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10983",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10983"
},
{
"name" : "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10983",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10983"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/ppmvcs-sqlxss.txt"
}
]
}
}

240
2010/2xxx/CVE-2010-2524.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a \"cache stuffing\" issue and MS-DFS referrals."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20100802 CVE-2010-2524 kernel: dns_resolver upcall security issue",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128072090331700&w=2"
},
{
"name" : "[oss-security] 20100802 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128078387328921&w=2"
},
{
"name" : "[oss-security] 20100803 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128080755321157&w=2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=612166",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=612166"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "MDVSA-2010:172",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
},
{
"name" : "RHSA-2010:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name" : "SUSE-SA:2010:040",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name" : "USN-1000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name" : "43315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a \"cache stuffing\" issue and MS-DFS referrals."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "[oss-security] 20100802 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128078387328921&w=2"
},
{
"name": "SUSE-SA:2010:040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
},
{
"name": "[oss-security] 20100802 CVE-2010-2524 kernel: dns_resolver upcall security issue",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128072090331700&w=2"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=612166",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=612166"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7"
},
{
"name": "MDVSA-2010:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
},
{
"name": "[oss-security] 20100803 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128080755321157&w=2"
}
]
}
}

130
2010/3xxx/CVE-2010-3748.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/10152010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/10152010_player/en/"
},
{
"name" : "44144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44144"
},
{
"name": "http://service.real.com/realplayer/security/10152010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10152010_player/en/"
}
]
}
}

160
2011/0xxx/CVE-2011-0169.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "46809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46809"
},
{
"name" : "1025183",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025183"
},
{
"name" : "safari-commandlineapi-xss(66006)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "safari-commandlineapi-xss(66006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66006"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "46809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46809"
},
{
"name": "1025183",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025183"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
}
]
}
}

160
2011/0xxx/CVE-2011-0395.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml"
},
{
"name" : "1025108",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025108"
},
{
"name" : "43488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43488"
},
{
"name" : "ADV-2011-0493",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0493"
},
{
"name" : "asa-rip-dos(65590)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml"
},
{
"name": "1025108",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025108"
},
{
"name": "43488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43488"
},
{
"name": "ADV-2011-0493",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0493"
},
{
"name": "asa-rip-dos(65590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65590"
}
]
}
}

220
2011/0xxx/CVE-2011-0436.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
"refsource" : "MLIST",
"url" : "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
},
{
"name" : "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/02/22/1"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
},
{
"name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0",
"refsource" : "CONFIRM",
"url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0"
},
{
"name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285",
"refsource" : "CONFIRM",
"url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285"
},
{
"name" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
"refsource" : "CONFIRM",
"url" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
},
{
"name" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
"refsource" : "CONFIRM",
"url" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
},
{
"name" : "DSA-2179",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2179"
},
{
"name" : "43523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43523"
},
{
"name" : "ADV-2011-0556",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0556"
},
{
"name" : "dtc-passwords-info-disc(65898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43523"
},
{
"name": "ADV-2011-0556",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0556"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
},
{
"name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/22/1"
},
{
"name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0",
"refsource": "CONFIRM",
"url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0"
},
{
"name": "DSA-2179",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2179"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
},
{
"name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285",
"refsource": "CONFIRM",
"url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285"
},
{
"name": "dtc-passwords-info-disc(65898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
},
{
"name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
"refsource": "MLIST",
"url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
}
]
}
}

200
2011/0xxx/CVE-2011-0567.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-065/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-065/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "RHSA-2011:0301",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name" : "46199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46199"
},
{
"name" : "oval:org.mitre.oval:def:12248",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12248"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "43470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43470"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "ADV-2011-0492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0492"
},
{
"name": "43470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43470"
},
{
"name": "RHSA-2011:0301",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html"
},
{
"name": "46199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46199"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-065/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-065/"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "oval:org.mitre.oval:def:12248",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12248"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

210
2011/0xxx/CVE-2011-0673.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka \"Win32k Null Pointer De-reference Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-0673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47234"
},
{
"name" : "oval:org.mitre.oval:def:12546",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12546"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name" : "mswin-win32k-var8-priv-escalation(66402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka \"Win32k Null Pointer De-reference Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "oval:org.mitre.oval:def:12546",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12546"
},
{
"name": "47234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47234"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
},
{
"name": "mswin-win32k-var8-priv-escalation(66402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66402"
}
]
}
}

120
2011/0xxx/CVE-2011-0856.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA through 8.49.30, 8.50 GA through 8.50.17, and 8.51 GA through 8.51.07 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA through 8.49.30, 8.50 GA through 8.50.17, and 8.51 GA through 8.51.07 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

160
2011/1xxx/CVE-2011-1367.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21515110",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
},
{
"name" : "49989",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49989"
},
{
"name" : "46326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46326"
},
{
"name" : "46329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46329"
},
{
"name" : "rational-appscan-scan-code-execution(70044)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49989"
},
{
"name": "rational-appscan-scan-code-execution(70044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70044"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
},
{
"name": "46329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46329"
},
{
"name": "46326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46326"
}
]
}
}

140
2011/5xxx/CVE-2011-5273.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
"refsource" : "CONFIRM",
"url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
},
{
"name" : "DSA-2365",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
},
{
"name": "DSA-2365",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2365"
},
{
"name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
"refsource": "CONFIRM",
"url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
}
]
}
}

140
2014/3xxx/CVE-2014-3060.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685705",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685705"
},
{
"name" : "IT03476",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476"
},
{
"name" : "ibm-xc10-cve20143060-sec-bypass(93534)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93534"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685705"
},
{
"name": "ibm-xc10-cve20143060-sec-bypass(93534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93534"
},
{
"name": "IT03476",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476"
}
]
}
}

170
2014/3xxx/CVE-2014-3202.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2014-3202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/26/2"
},
{
"name" : "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/26/1"
},
{
"name" : "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/29/2"
},
{
"name" : "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/03/1"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"
},
{
"name" : "https://bugs.launchpad.net/unity/+bug/1308750",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/unity/+bug/1308750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140429 Re: Ubuntu 14.04: security problem in the lock screen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/29/2"
},
{
"name": "[oss-security] 20140503 Re: Ubuntu 14.04: security problem in the lock screen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572"
},
{
"name": "https://bugs.launchpad.net/unity/+bug/1308750",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/unity/+bug/1308750"
},
{
"name": "[oss-security] 20140426 Ubuntu 14.04: security problem in the lock screen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/26/1"
},
{
"name": "[oss-security] 20140426 Re: Ubuntu 14.04: security problem in the lock screen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/26/2"
}
]
}
}

200
2014/3xxx/CVE-2014-3504.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc"
},
{
"name" : "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt",
"refsource" : "CONFIRM",
"url" : "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "GLSA-201610-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-05"
},
{
"name" : "openSUSE-SU-2014:1059",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name" : "USN-2315-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2315-1"
},
{
"name" : "69238",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69238"
},
{
"name" : "60721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60721"
},
{
"name" : "59584",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2315-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2315-1"
},
{
"name": "69238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69238"
},
{
"name": "60721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60721"
},
{
"name": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt",
"refsource": "CONFIRM",
"url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
},
{
"name": "https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc"
},
{
"name": "openSUSE-SU-2014:1059",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59584"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

130
2014/3xxx/CVE-2014-3539.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3539",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150206 python-rope: pickle.load of remotely supplied data with no authentication required",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/02/07/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116485",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150206 python-rope: pickle.load of remotely supplied data with no authentication required",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/07/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116485",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116485"
}
]
}
}

140
2014/3xxx/CVE-2014-3815.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10633",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10633"
},
{
"name" : "68551",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68551"
},
{
"name" : "1030557",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030557"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10633",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10633"
},
{
"name": "68551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68551"
},
{
"name": "1030557",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030557"
}
]
}
}

140
2014/6xxx/CVE-2014-6230.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140917 Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/60"
},
{
"name" : "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/",
"refsource" : "MISC",
"url" : "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"
},
{
"name" : "https://wordpress.org/plugins/wp-ban/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wp-ban/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/wp-ban/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wp-ban/changelog/"
},
{
"name": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/"
},
{
"name": "20140917 Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/60"
}
]
}
}

140
2014/6xxx/CVE-2014-6750.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#483233",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/483233"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#483233",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/483233"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/6xxx/CVE-2014-6825.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#957289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/957289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#957289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/957289"
}
]
}
}

140
2014/6xxx/CVE-2014-6991.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#194417",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/194417"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#194417",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/194417"
}
]
}
}

140
2014/7xxx/CVE-2014-7757.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#756737",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/756737"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#756737",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/756737"
}
]
}
}

200
2014/7xxx/CVE-2014-7939.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an \"X-Content-Type-Options: nosniff\" header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=399951",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=399951"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an \"X-Content-Type-Options: nosniff\" header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=399951",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=399951"
}
]
}
}

120
2014/8xxx/CVE-2014-8069.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2) PATH_INFO to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128641/Pagekit-0.8.7-Cross-Site-Scripting-Open-Redirect.html"
}
]
}
}

130
2014/8xxx/CVE-2014-8604.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/"
},
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=110",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=110"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/"
},
{
"name": "http://www.vapid.dhs.org/advisory.php?v=110",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=110"
}
]
}
}

150
2014/8xxx/CVE-2014-8834.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-8834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
},
{
"name" : "macosx-cve20148834-info-disc(100531)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "macosx-cve20148834-info-disc(100531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100531"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8977.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8977",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8977",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2016/2xxx/CVE-2016-2016.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"
},
{
"name" : "1035816",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749"
},
{
"name": "1035816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035816"
}
]
}
}

34
2016/2xxx/CVE-2016-2359.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2359",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2359",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2016/2xxx/CVE-2016-2390.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[squid-announce] 20160216 Squid 3.5.14 is available",
"refsource" : "MLIST",
"url" : "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"name" : "[squid-announce] 20160216 Squid 4.0.6 beta is available",
"refsource" : "MLIST",
"url" : "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"name" : "http://bugs.squid-cache.org/show_bug.cgi?id=4437",
"refsource" : "CONFIRM",
"url" : "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
},
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
},
{
"name" : "SUSE-SU-2016:1996",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name" : "SUSE-SU-2016:2089",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name" : "1035045",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035045"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035045",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035045"
},
{
"name": "[squid-announce] 20160216 Squid 4.0.6 beta is available",
"refsource": "MLIST",
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"name": "[squid-announce] 20160216 Squid 3.5.14 is available",
"refsource": "MLIST",
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4437",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
}
]
}
}

34
2016/2xxx/CVE-2016-2438.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2438",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2547, CVE-2016-2548. Reason: This candidate is a duplicate of CVE-2016-2547 and CVE-2016-2548. Notes: All CVE users should reference CVE-2016-2547 and/or CVE-2016-2548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2438",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2547, CVE-2016-2548. Reason: This candidate is a duplicate of CVE-2016-2547 and CVE-2016-2548. Notes: All CVE users should reference CVE-2016-2547 and/or CVE-2016-2548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2017/18xxx/CVE-2017-18227.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dx.doi.org/10.14722/ndss.2017.23456",
"refsource" : "MISC",
"url" : "http://dx.doi.org/10.14722/ndss.2017.23456"
},
{
"name" : "https://jhalderm.com/pub/papers/interception-ndss17.pdf",
"refsource" : "MISC",
"url" : "https://jhalderm.com/pub/papers/interception-ndss17.pdf"
},
{
"name" : "https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception/",
"refsource" : "MISC",
"url" : "https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception/",
"refsource": "MISC",
"url": "https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception/"
},
{
"name": "http://dx.doi.org/10.14722/ndss.2017.23456",
"refsource": "MISC",
"url": "http://dx.doi.org/10.14722/ndss.2017.23456"
},
{
"name": "https://jhalderm.com/pub/papers/interception-ndss17.pdf",
"refsource": "MISC",
"url": "https://jhalderm.com/pub/papers/interception-ndss17.pdf"
}
]
}
}

150
2017/18xxx/CVE-2017-18233.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180321 [SECURITY] [DLA 1310-1] exempi security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=102151",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=102151"
},
{
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260"
},
{
"name" : "USN-3668-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3668-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180321 [SECURITY] [DLA 1310-1] exempi security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html"
},
{
"name": "https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260"
},
{
"name": "USN-3668-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3668-1/"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102151",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102151"
}
]
}
}

232
2017/1xxx/CVE-2017-1278.json
View File

@ -1,118 +1,118 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational DOORS Next Generation ",
"version" : {
"version_data" : [
{
"version_value" : "5.0.2"
}
]
}
},
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
{
"version_value" : "4.0.1"
},
{
"version_value" : "4.0.5"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "4.0.3"
},
{
"version_value" : "4.0.4"
},
{
"version_value" : "4.0.6"
},
{
"version_value" : "4.0.7"
},
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational DOORS Next Generation ",
"version": {
"version_data": [
{
"version_value": "5.0.2"
}
]
}
},
{
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value": "4.0.1"
},
{
"version_value": "4.0.5"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.3"
},
{
"version_value": "4.0.4"
},
{
"version_value": "4.0.6"
},
{
"version_value": "4.0.7"
},
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124756",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124756"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22002809",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22002809"
},
{
"name" : "98994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98994"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002809",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002809"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124756",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124756"
},
{
"name": "98994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98994"
}
]
}
}

172
2017/1xxx/CVE-2017-1705.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00",
"ID" : "CVE-2017-1705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Privileged Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-26T00:00:00",
"ID": "CVE-2017-1705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Privileged Identity Manager",
"version": {
"version_data": [
{
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134427",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134427"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014988",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014988"
},
{
"name" : "103677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it can be obtained by viewing the page source. IBM X-Force ID: 134427."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "4.300",
"UI": "N"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014988",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014988"
},
{
"name": "103677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103677"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134427",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134427"
}
]
}
}

180
2017/5xxx/CVE-2017-5019.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "use after free"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/666714",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/666714"
},
{
"name" : "DSA-3776",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3776"
},
{
"name" : "GLSA-201701-66",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-66"
},
{
"name" : "RHSA-2017:0206",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name" : "95792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95792"
},
{
"name" : "1037718",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95792"
},
{
"name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "https://crbug.com/666714",
"refsource": "CONFIRM",
"url": "https://crbug.com/666714"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}

156
2017/5xxx/CVE-2017-5653.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-5653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache CXF",
"version" : {
"version_data" : [
{
"version_value" : "prior to 3.0.13"
},
{
"version_value" : "3.1.x prior to 3.1.11"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML Security streaming clients do not validate that the service response was secured."
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value": "prior to 3.0.13"
},
{
"version_value": "3.1.x prior to 3.1.11"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2",
"refsource" : "CONFIRM",
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2"
},
{
"name" : "RHSA-2017:1832",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name" : "97968",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97968"
},
{
"name" : "1038279",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML Security streaming clients do not validate that the service response was secured."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2"
},
{
"name": "1038279",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038279"
},
{
"name": "97968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97968"
}
]
}
}

34
2017/5xxx/CVE-2017-5750.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5750",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5750",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/5xxx/CVE-2017-5831.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name" : "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource" : "CONFIRM",
"url" : "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name" : "95875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}

34
2017/5xxx/CVE-2017-5862.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5862",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5862",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}