"-Synchronized-Data."

CVE Team 2019-03-18 00:19:27 +00:00
parent cd180b2b99
commit e6e834e219
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3942 additions and 3942 deletions


@ -1,197 +1,197 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-2934", "ID": "CVE-2006-2934",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060707 rPSA-2006-0122-1 kernel", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/439483/100/100/threaded" "lang": "eng",
}, "value": "SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer."
{ }
"name" : "20060710 Re: rPSA-2006-0122-1 kernel", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/439610/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://issues.rpath.com/browse/RPL-488", "description": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-488" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197387", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197387" "name": "USN-331-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-331-1"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23" "name": "26963",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26963"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3" "name": "21934",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21934"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" "name": "20917",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20917"
"name" : "MDKSA-2006:151", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" "name": "SUSE-SA:2006:042",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html"
"name" : "RHSA-2006:0575", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" "name": "20060707 rPSA-2006-0122-1 kernel",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/439483/100/100/threaded"
"name" : "SUSE-SA:2006:042", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" "name": "21298",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21298"
"name" : "SUSE-SA:2006:047", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" "name": "20060710 Re: rPSA-2006-0122-1 kernel",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/439610/100/100/threaded"
"name" : "USN-331-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-331-1" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197387",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197387"
"name" : "USN-346-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-346-1" "name": "SUSE-SA:2006:047",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html"
"name" : "VU#717844", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/717844" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3"
"name" : "18755", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18755" "name": "MDKSA-2006:151",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151"
"name" : "oval:org.mitre.oval:def:10932", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10932" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23"
"name" : "ADV-2006-2623", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2623" "name": "21614",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21614"
"name" : "26963", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26963" "name": "RHSA-2006:0575",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
"name" : "20917", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20917" "name": "VU#717844",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/717844"
"name" : "20986", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20986" "name": "21465",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21465"
"name" : "21179", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21179" "name": "USN-346-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-346-1"
"name" : "21298", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21298" "name": "21498",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21498"
"name" : "21465", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21465" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
"name" : "21614", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21614" "name": "22417",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22417"
"name" : "22417", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22417" "name": "20986",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20986"
"name" : "21934", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21934" "name": "oval:org.mitre.oval:def:10932",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10932"
"name" : "21498", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21498" "name": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9",
} "refsource": "CONFIRM",
] "url": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9"
} },
} {
"name": "18755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18755"
},
{
"name": "ADV-2006-2623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2623"
},
{
"name": "https://issues.rpath.com/browse/RPL-488",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-488"
},
{
"name": "21179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21179"
}
]
}
}
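Review bot: The `"ASSIGNER"` value for CVE-2006-2934 changes from `cve@mitre.org` to `secalert@redhat.com` near the top of this section, and it is easy to miss because every other line differs only in colon spacing or in the order of the `reference_data` entries. As far as the visible lines show, the 28 references are the same set before and after, so the line diff overstates the change; anyone auditing assigner attribution or reference provenance should compare the parsed JSON instead. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and landing formatting changes separately from content changes would keep future syncs reviewable. The same reorder-plus-whitespace pattern repeats in the later sections visible on this page, where I see no value changes in the parts shown.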


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2969", "ID": "CVE-2006-2969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060609 TinyMuw v1.0 - XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436640/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations."
{ }
"name" : "18483", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18483" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2310", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2310" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20607", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20607" ]
}, },
{ "references": {
"name" : "1091", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1091" "name": "20060609 TinyMuw v1.0 - XSS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/436640/100/0/threaded"
"name" : "tinymuw-quickchat-xss(27154)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27154" "name": "tinymuw-quickchat-xss(27154)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27154"
} },
} {
"name": "ADV-2006-2310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2310"
},
{
"name": "1091",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1091"
},
{
"name": "18483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18483"
},
{
"name": "20607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20607"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3061", "ID": "CVE-2006-3061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the \"search box\") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060611 5 Star Review - review-script.com - XSS w/ cookie output", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436771/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the \"search box\") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php."
{ }
"name" : "18390", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18390" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2346", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2346" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26496", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26496" ]
}, },
{ "references": {
"name" : "26497", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26497" "name": "20613",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20613"
"name" : "26498", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26498" "name": "ADV-2006-2346",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2346"
"name" : "26499", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26499" "name": "26499",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26499"
"name" : "20613", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20613" "name": "1107",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1107"
"name" : "1107", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1107" "name": "fivestarreview-index2-xss(27188)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27188"
"name" : "fivestarreview-index2-xss(27188)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27188" "name": "18390",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18390"
"name" : "fivestarreview-profile-xss(27192)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27192" "name": "fivestarreview-report-xss(27189)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27189"
"name" : "fivestarreview-report-xss(27189)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27189" "name": "26497",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26497"
"name" : "fivestarreview-searchreviews-xss(27190)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27190" "name": "fivestarreview-profile-xss(27192)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27192"
} },
} {
"name": "26498",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26498"
},
{
"name": "fivestarreview-searchreviews-xss(27190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27190"
},
{
"name": "20060611 5 Star Review - review-script.com - XSS w/ cookie output",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436771/100/0/threaded"
},
{
"name": "26496",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26496"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3772", "ID": "CVE-2006-3772",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060718 [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440419/100/0/threaded" "lang": "eng",
}, "value": "PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie."
{ }
"name" : "http://www.kapda.ir/advisory-380.html", ]
"refsource" : "MISC", },
"url" : "http://www.kapda.ir/advisory-380.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2036", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2036" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19046", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19046" ]
}, },
{ "references": {
"name" : "ADV-2006-2877", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2877" "name": "19046",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19046"
"name" : "21115", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21115" "name": "1264",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1264"
"name" : "1264", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1264" "name": "2036",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/2036"
"name" : "phppost-cookie-privilege-escalation(27862)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27862" "name": "20060718 [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/440419/100/0/threaded"
} },
} {
"name": "ADV-2006-2877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2877"
},
{
"name": "http://www.kapda.ir/advisory-380.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-380.html"
},
{
"name": "21115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21115"
},
{
"name": "phppost-cookie-privilege-escalation(27862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27862"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3883", "ID": "CVE-2006-3883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/441087/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php."
{ }
"name" : "19149", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19149" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2983", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2983" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27519", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/27519" ]
}, },
{ "references": {
"name" : "27520", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27520" "name": "19149",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19149"
"name" : "27521", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27521" "name": "21212",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21212"
"name" : "1016584", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016584" "name": "27520",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27520"
"name" : "21212", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21212" "name": "ADV-2006-2983",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2983"
"name" : "1287", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1287" "name": "linkscaffe-multiple-xss(27960)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27960"
"name" : "linkscaffe-multiple-xss(27960)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27960" "name": "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/441087/100/0/threaded"
} },
} {
"name": "27521",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27521"
},
{
"name": "1287",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1287"
},
{
"name": "1016584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016584"
},
{
"name": "27519",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27519"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4841", "ID": "CVE-2006-4841",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6202", "ID": "CVE-2006-6202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2843", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2843" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter."
{ }
"name" : "21284", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21284" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4702", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4702" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nukeai-util-file-include(30524)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30524" ]
} },
] "references": {
} "reference_data": [
} {
"name": "21284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21284"
},
{
"name": "ADV-2006-4702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4702"
},
{
"name": "nukeai-util-file-include(30524)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30524"
},
{
"name": "2843",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2843"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6284", "ID": "CVE-2006-6284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061118 Vikingboard (0.1.2) [ multiples vulnerability ]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/452018/100/200/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter."
{ }
"name" : "21196", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21196" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30530", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30530" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23026", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23026" ]
}, },
{ "references": {
"name" : "1966", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1966" "name": "20061118 Vikingboard (0.1.2) [ multiples vulnerability ]",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/452018/100/200/threaded"
"name" : "vikingboard-admin-file-include(30389)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30389" "name": "21196",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/21196"
} },
} {
"name": "1966",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1966"
},
{
"name": "23026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23026"
},
{
"name": "30530",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30530"
},
{
"name": "vikingboard-admin-file-include(30389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30389"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6599", "ID": "CVE-2006-6599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (\";\" semicolon) in the announce parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2903", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2903" "lang": "eng",
}, "value": "maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (\";\" semicolon) in the announce parameter."
{ }
"name" : "21526", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21526" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23270", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23270" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "torrentflux-maketorrent-command-execution(30850)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30850" ]
} },
] "references": {
} "reference_data": [
} {
"name": "23270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23270"
},
{
"name": "21526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21526"
},
{
"name": "2903",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2903"
},
{
"name": "torrentflux-maketorrent-command-execution(30850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30850"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6658", "ID": "CVE-2006-6658",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1017242", "description_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017242" "lang": "eng",
} "value": "Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017242",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017242"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6944", "ID": "CVE-2006-6944",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9" "lang": "eng",
}, "value": "phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers."
{ }
"name" : "DSA-1370", ]
"refsource" : "DEBIAN", },
"url" : "http://www.us.debian.org/security/2007/dsa-1370" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4572", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4572" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26733", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/26733" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2006-4572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4572"
},
{
"name": "26733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26733"
},
{
"name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9"
},
{
"name": "DSA-1370",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2007/dsa-1370"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7156", "ID": "CVE-2006-7156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2528", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2528" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter."
{ }
"name" : "20070303 Keyword Replacer plugin RFI seems to be fixed", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2007-March/001411.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20492", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20492" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4026", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4026" ]
}, },
{ "references": {
"name" : "29709", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29709" "name": "22401",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22401"
"name" : "22401", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22401" "name": "2528",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2528"
} },
} {
"name": "20070303 Keyword Replacer plugin RFI seems to be fixed",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-March/001411.html"
},
{
"name": "ADV-2006-4026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4026"
},
{
"name": "29709",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29709"
},
{
"name": "20492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20492"
}
]
}
}


@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2943", "ID": "CVE-2010-2943",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle."
{ }
"name" : "[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly", ]
"refsource" : "MLIST", },
"url" : "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup", "description": [
"refsource" : "MLIST", {
"url" : "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED", ]
"refsource" : "MLIST", }
"url" : "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768" ]
}, },
{ "references": {
"name" : "[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769" "name": "[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup",
}, "refsource": "MLIST",
{ "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771"
"name" : "[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/08/18/2" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d"
"name" : "[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/08/19/5" "name": "42527",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/42527"
"name" : "[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2", },
"refsource" : "MLIST", {
"url" : "http://oss.sgi.com/archives/xfs/2010-06/msg00191.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa"
"name" : "[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2", },
"refsource" : "MLIST", {
"url" : "http://oss.sgi.com/archives/xfs/2010-06/msg00198.html" "name": "RHSA-2010:0723",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=624923",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624923"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa" "name": "[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED",
}, "refsource": "MLIST",
{ "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=624923", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=624923" "name": "[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code",
}, "refsource": "MLIST",
{ "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769"
"name" : "http://support.avaya.com/css/P8/documents/100113326", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100113326" "name": "[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/08/18/2"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly",
}, "refsource": "MLIST",
{ "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767"
"name" : "RHSA-2010:0723", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0723.html" "name": "[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
}, "refsource": "MLIST",
{ "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00191.html"
"name" : "USN-1041-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1041-1" "name": "USN-1041-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1041-1"
"name" : "USN-1057-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1057-1" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
"name" : "42527", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42527" "name": "[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
}, "refsource": "MLIST",
{ "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00198.html"
"name" : "42758", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42758" "name": "ADV-2011-0280",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0280"
"name" : "43161", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43161" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "42758",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42758"
"name" : "ADV-2011-0070", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0070" "name": "http://support.avaya.com/css/P8/documents/100113326",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100113326"
"name" : "ADV-2011-0280", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0280" "name": "USN-1057-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1057-1"
} },
} {
"name": "[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/19/5"
},
{
"name": "ADV-2011-0070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188"
},
{
"name": "43161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43161"
}
]
}
}
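Review bot: The one value that changes in the CVE-2010-2943 record, `"ASSIGNER"` going from `cve@mitre.org` to `secalert@redhat.com`, is hard to spot because every line is also rewritten from `"key" :` to `"key":` and the `reference_data` array is reshuffled. As far as this section shows, the same entries appear on both sides of the array and only their order differs. Emitting `reference_data` in a stable order (for example the previous one) and landing the whitespace normalisation on its own would leave the provenance change as the only visible line. The same applies to the sections for CVE-2011-0248, CVE-2011-0844, CVE-2011-1284 and CVE-2011-1533, where `ASSIGNER` moves to a vendor address.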


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0052", "ID": "CVE-2011-0052",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-0248", "ID": "CVE-2011-0248",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2011-08-03-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" "lang": "eng",
} "value": "Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0844", "ID": "CVE-2011-0844",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" "lang": "eng",
} "value": "Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1284", "ID": "CVE-2011-1284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvWriteConsoleOutput Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS11-056", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056" "lang": "eng",
}, "value": "Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka \"CSRSS Local EOP SrvWriteConsoleOutput Vulnerability.\""
{ }
"name" : "TA11-193A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12734", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12734" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name": "oval:org.mitre.oval:def:12734",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12734"
},
{
"name": "MS11-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-056"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-1533", "ID": "CVE-2011-1533",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBPI02656", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130262523515904&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "SSRT090262", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=130262523515904&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47319", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47319" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1025315", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1025315" ]
}, },
{ "references": {
"name" : "44143", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44143" "name": "8203",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8203"
"name" : "8203", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8203" "name": "ADV-2011-0931",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0931"
"name" : "ADV-2011-0931", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0931" "name": "44143",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44143"
"name" : "photosmart-unspec-xss(66683)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66683" "name": "1025315",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1025315"
} },
} {
"name": "photosmart-unspec-xss(66683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66683"
},
{
"name": "HPSBPI02656",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130262523515904&w=2"
},
{
"name": "SSRT090262",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130262523515904&w=2"
},
{
"name": "47319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47319"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-1537", "ID": "CVE-2011-1537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMA02661", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130331221326039&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "SSRT100408", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=130331221326039&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1025419", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025419" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44234", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/44234" ]
}, },
{ "references": {
"name" : "8236", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8236" "name": "SSRT100408",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=130331221326039&w=2"
} },
} {
"name": "1025419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025419"
},
{
"name": "HPSBMA02661",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331221326039&w=2"
},
{
"name": "8236",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8236"
},
{
"name": "44234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44234"
}
]
}
}
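Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `hp-security-alert@hp.com` in the same section that respaces every key (`"ID" :` to `"ID":`) and reorders `reference_data`, so the one semantic change to this record is easy to miss in review. The sections for CVE-2011-1796, CVE-2011-1853, CVE-2011-3875 and CVE-2014-2485 do the same with `security@google.com`, `hp-security-alert@hp.com`, `security@google.com` and `secalert_us@oracle.com`. Consumers may rely on `ASSIGNER` to attribute a record to its CNA, so the attribution change would be easier to audit if it landed apart from the formatting pass, or was at least named in the commit message.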


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-1796", "ID": "CVE-2011-1796",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://crbug.com/79055", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/79055" "lang": "eng",
}, "value": "Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element."
{ }
"name" : "http://launchpad.net/bugs/778822", ]
"refsource" : "CONFIRM", },
"url" : "http://launchpad.net/bugs/778822" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://trac.webkit.org/changeset/84300", "description": [
"refsource" : "CONFIRM", {
"url" : "http://trac.webkit.org/changeset/84300" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://trac.webkit.org/changeset/84300",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/84300"
},
{
"name": "http://crbug.com/79055",
"refsource": "CONFIRM",
"url": "http://crbug.com/79055"
},
{
"name": "http://launchpad.net/bugs/778822",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/778822"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-1853", "ID": "CVE-2011-1853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-165/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-165/" "lang": "eng",
}, "value": "tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table."
{ }
"name" : "HPSBGN02680", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100361", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47789", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/47789" ]
}, },
{ "references": {
"name" : "1025519", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025519" "name": "HPSBGN02680",
} "refsource": "HP",
] "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
} },
} {
"name": "1025519",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025519"
},
{
"name": "SSRT100361",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-165/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-165/"
},
{
"name": "47789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47789"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3875", "ID": "CVE-2011-3875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=88949", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=88949" "lang": "eng",
}, "value": "Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12275", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12275" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "chrome-draganddrop-spoofing(70953)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70953" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://code.google.com/p/chromium/issues/detail?id=88949",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=88949"
},
{
"name": "chrome-draganddrop-spoofing(70953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70953"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "oval:org.mitre.oval:def:12275",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12275"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4134", "ID": "CVE-2011-4134",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-244/", "description_data": [
"refsource" : "MISC", {
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-244/" "lang": "eng",
}, "value": "Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet."
{ }
"name" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200980&sliceId=1", ]
"refsource" : "CONFIRM", },
"url" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200980&sliceId=1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.flexerasoftware.com/pl/12982.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.flexerasoftware.com/pl/12982.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48927", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/48927" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200980&sliceId=1",
"refsource": "CONFIRM",
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200980&sliceId=1"
},
{
"name": "48927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48927"
},
{
"name": "http://www.flexerasoftware.com/pl/12982.htm",
"refsource": "CONFIRM",
"url": "http://www.flexerasoftware.com/pl/12982.htm"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-244/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-244/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4154", "ID": "CVE-2011-4154",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4846", "ID": "CVE-2011-4846",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5218", "ID": "CVE-2011-5218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18250", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18250" "lang": "eng",
}, "value": "SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php."
{ }
"name" : "51110", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51110" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "77944", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/77944" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47261", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/47261" ]
}, },
{ "references": {
"name" : "dotaopenstats-index-sql-injection(71879)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71879" "name": "51110",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/51110"
} },
} {
"name": "77944",
"refsource": "OSVDB",
"url": "http://osvdb.org/77944"
},
{
"name": "dotaopenstats-index-sql-injection(71879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71879"
},
{
"name": "47261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47261"
},
{
"name": "18250",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18250"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5272", "ID": "CVE-2013-5272",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2035", "ID": "CVE-2014-2035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140220 [CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/531191/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter."
{ }
"name" : "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19", ]
"refsource" : "CONFIRM", },
"url" : "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65734", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65734" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19",
"refsource": "CONFIRM",
"url": "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19"
},
{
"name": "20140220 [CVE-2014-2035] XSS in InterWorx Web Control Panel <= 5.0.12",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531191/100/0/threaded"
},
{
"name": "65734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65734"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-2485", "ID": "CVE-2014-2485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services."
{ }
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" ]
}, },
{ "references": {
"name" : "1030585", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030585" "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
} "refsource": "CONFIRM",
] "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
} },
} {
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "1030585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030585"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2583", "ID": "CVE-2014-2583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140324 pam_timestamp internals", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/03/24/5" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function."
{ }
"name" : "[oss-security] 20140326 Re: pam_timestamp internals", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/03/26/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20140331 Re: pam_timestamp internals", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/03/31/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8", ]
"refsource" : "CONFIRM", }
"url" : "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8" ]
}, },
{ "references": {
"name" : "GLSA-201605-05", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201605-05" "name": "[oss-security] 20140324 pam_timestamp internals",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/03/24/5"
"name" : "USN-2935-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2935-1" "name": "66493",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/66493"
"name" : "USN-2935-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2935-2" "name": "GLSA-201605-05",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201605-05"
"name" : "USN-2935-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2935-3" "name": "57317",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57317"
"name" : "66493", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66493" "name": "USN-2935-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2935-2"
"name" : "57317", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57317" "name": "[oss-security] 20140331 Re: pam_timestamp internals",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2014/03/31/6"
} },
} {
"name": "USN-2935-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-3"
},
{
"name": "USN-2935-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2935-1"
},
{
"name": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8"
},
{
"name": "[oss-security] 20140326 Re: pam_timestamp internals",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/10"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2676", "ID": "CVE-2014-2676",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2697", "ID": "CVE-2014-2697",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-2754", "ID": "CVE-2014-2754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1774 and CVE-2014-1788."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-035", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1774 and CVE-2014-1788."
{ }
"name" : "67839", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67839" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030370", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030370" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name": "67839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67839"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3531", "ID": "CVE-2014-3531",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.theforeman.org/issues/6580", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.theforeman.org/issues/6580" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108745", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108745" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/theforeman/foreman/pull/1580", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/theforeman/foreman/pull/1580" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://theforeman.org/security.html#2014-3531", ]
"refsource" : "CONFIRM", }
"url" : "https://theforeman.org/security.html#2014-3531" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/theforeman/foreman/pull/1580",
"refsource": "CONFIRM",
"url": "https://github.com/theforeman/foreman/pull/1580"
},
{
"name": "http://projects.theforeman.org/issues/6580",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/6580"
},
{
"name": "https://theforeman.org/security.html#2014-3531",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2014-3531"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108745",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108745"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6116", "ID": "CVE-2014-6116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686210", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686210" "lang": "eng",
}, "value": "The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration."
{ }
"name" : "61064", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/61064" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-websphere-cve20146116-sec-bypass(96213)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686210",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686210"
},
{
"name": "61064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61064"
},
{
"name": "ibm-websphere-cve20146116-sec-bypass(96213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96213"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6396", "ID": "CVE-2014-6396",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534248/100/0/threaded" "lang": "eng",
}, "value": "The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location."
{ }
"name" : "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/", ]
"refsource" : "MISC", },
"url" : "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201505-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201505-01" ]
}, },
{ "references": {
"name" : "71697", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71697" "name": "GLSA-201505-01",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201505-01"
} },
} {
"name": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/",
"refsource": "MISC",
"url": "https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/"
},
{
"name": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a",
"refsource": "CONFIRM",
"url": "https://github.com/Ettercap/ettercap/commit/e3abe7d7585ecc420a7cab73313216613aadad5a"
},
{
"name": "71697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71697"
},
{
"name": "20141216 \"Ettercap 8.0 - 8.1\" multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534248/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6776", "ID": "CVE-2014-6776",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#549937", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/549937" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#549937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/549937"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6805", "ID": "CVE-2014-6805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#555041", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/555041" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#555041",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555041"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6926", "ID": "CVE-2014-6926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#827577", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/827577" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#827577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/827577"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7077", "ID": "CVE-2014-7077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#831009", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/831009" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#831009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/831009"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7159", "ID": "CVE-2014-7159",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7320", "ID": "CVE-2014-7320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#586633", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/586633" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#586633",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/586633"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7504", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7504",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }
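Review bot: The new side of this record serialises its members in a different order from every other record visible in the commit: `"data_type"`, `"data_format"` and `"data_version"` now come before `"CVE_data_meta"`, and `"ID"` precedes `"ASSIGNER"`, while the other files keep `"CVE_data_meta"` first with `"ASSIGNER"` leading. Key order carries no meaning for a JSON parser, but it suggests this file went through a different writer than the rest, and any consumer that diffs, hashes or signs the raw bytes will see a change where the data is the same. Emitting all records through one serialiser with a fixed key order, for example starting with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, would keep later synchronisation diffs limited to real content changes.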


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7756", "ID": "CVE-2014-7756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#336009", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/336009" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#336009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/336009"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7872", "ID": "CVE-2014-7872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "37065", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/37065/" "lang": "eng",
}, "value": "Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server."
{ }
"name" : "http://packetstormsecurity.com/files/135841/Comodo-Internet-Security-VNC-Server-Exposure.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/135841/Comodo-Internet-Security-VNC-Server-Exposure.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "122355", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/122355" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "37065",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37065/"
},
{
"name": "122355",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/122355"
},
{
"name": "http://packetstormsecurity.com/files/135841/Comodo-Internet-Security-VNC-Server-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135841/Comodo-Internet-Security-VNC-Server-Exposure.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0080", "ID": "CVE-2017-0080",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Win32k", "product_name": "Win32k",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016" "version_value": "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080" "lang": "eng",
}, "value": "The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082."
{ }
"name" : "96633", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96633" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038017", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038017" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080"
},
{
"name": "96633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96633"
},
{
"name": "1038017",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038017"
}
]
}
}


@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0598", "ID": "CVE-2017-0598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.4.4" "version_value": "4.4.4"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677."
{ }
"name" : "98133", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98133" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98133"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18258", "ID": "CVE-2017-18258",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180927 [SECURITY] [DLA 1524-1] libxml2 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" "lang": "eng",
}, "value": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file."
{ }
"name" : "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", ]
"refsource" : "MISC", },
"url" : "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3739-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3739-1/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1524-1] libxml2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"
},
{
"name": "USN-3739-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3739-1/"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb",
"refsource": "MISC",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18284", "ID": "CVE-2017-18284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.gentoo.org/628770", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/628770" "lang": "eng",
}, "value": "The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL."
{ }
"name" : "GLSA-201806-03", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201806-03" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201806-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-03"
},
{
"name": "https://bugs.gentoo.org/628770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/628770"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1244", "ID": "CVE-2017-1244",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-04-18T00:00:00", "DATE_PUBLIC": "2018-04-18T00:00:00",
"ID" : "CVE-2017-1486", "ID": "CVE-2017-1486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cognos Business Intelligence", "product_name": "Cognos Business Intelligence",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.2" "version_value": "10.2"
}, },
{ {
"version_value" : "10.2.1" "version_value": "10.2.1"
}, },
{ {
"version_value" : "10.2.1.1" "version_value": "10.2.1.1"
}, },
{ {
"version_value" : "10.2.2" "version_value": "10.2.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014202", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014202" "lang": "eng",
}, "value": "IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624."
{ }
"name" : "ibm-cognos-cve20171486-xss(128624)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128624" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-cognos-cve20171486-xss(128624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128624"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22014202",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22014202"
}
]
}
}


@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-1699", "ID": "CVE-2017-1699",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MQ", "product_name": "MQ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_value" : "9.0.1" "version_value": "9.0.1"
}, },
{ {
"version_value" : "9.0.0.1" "version_value": "9.0.0.1"
}, },
{ {
"version_value" : "9.0.2" "version_value": "9.0.2"
}, },
{ {
"version_value" : "8.0.0.1" "version_value": "8.0.0.1"
}, },
{ {
"version_value" : "8.0.0.2" "version_value": "8.0.0.2"
}, },
{ {
"version_value" : "8.0.0.3" "version_value": "8.0.0.3"
}, },
{ {
"version_value" : "8.0.0.4" "version_value": "8.0.0.4"
}, },
{ {
"version_value" : "8.0.0.5" "version_value": "8.0.0.5"
}, },
{ {
"version_value" : "8.0.0.6" "version_value": "8.0.0.6"
}, },
{ {
"version_value" : "9.0.3" "version_value": "9.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391" "lang": "eng",
}, "value": "IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22010340", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22010340" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010340",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010340"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134391"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1843", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1843",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5094", "ID": "CVE-2017-5094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android", "product_name": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android" "version_value": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type Confusion"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page."
{ }
"name" : "https://crbug.com/702946", ]
"refsource" : "MISC", },
"url" : "https://crbug.com/702946" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3926", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3926" "lang": "eng",
}, "value": "Type Confusion"
{ }
"name" : "GLSA-201709-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201709-15" ]
}, },
{ "references": {
"name" : "RHSA-2017:1833", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1833" "name": "https://crbug.com/702946",
}, "refsource": "MISC",
{ "url": "https://crbug.com/702946"
"name" : "99950", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99950" "name": "GLSA-201709-15",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201709-15"
} },
} {
"name": "DSA-3926",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3926"
},
{
"name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name": "99950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99950"
},
{
"name": "RHSA-2017:1833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1833"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5151", "ID": "CVE-2017-5151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VideoInsight Web Client 6.3.5.11 and previous", "product_name": "VideoInsight Web Client 6.3.5.11 and previous",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "VideoInsight Web Client 6.3.5.11 and previous" "version_value": "VideoInsight Web Client 6.3.5.11 and previous"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "VideoInsight Web Client SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02" "lang": "eng",
}, "value": "An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution."
{ }
"name" : "95416", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95416" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "VideoInsight Web Client SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95416"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5236", "ID": "CVE-2017-5236",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AppSpider Pro", "product_name": "AppSpider Pro",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All version prior to 6.14.060" "version_value": "All version prior to 6.14.060"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Rapid7" "vendor_name": "Rapid7"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DLL Preloading"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.rapid7.com/docs/DOC-3631", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://community.rapid7.com/docs/DOC-3631" "lang": "eng",
} "value": "Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/docs/DOC-3631",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/docs/DOC-3631"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5246", "ID": "CVE-2017-5246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Biscom Secure File Transfer", "product_name": "Biscom Secure File Transfer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.1.1026 and prior" "version_value": "5.1.1026 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Biscom" "vendor_name": "Biscom"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://twitter.com/i_bo0om/status/885050741567750145", "description_data": [
"refsource" : "MISC", {
"url" : "https://twitter.com/i_bo0om/status/885050741567750145" "lang": "eng",
} "value": "Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/i_bo0om/status/885050741567750145",
"refsource": "MISC",
"url": "https://twitter.com/i_bo0om/status/885050741567750145"
}
]
}
}