admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:12:54 +00:00
parent 4d7f1f4e7b
commit e7fca1ea22
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4140 additions and 4140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0252.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0252", "ID": "CVE-2006-0252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060115 [eVuln] Benders Calendar SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/422052/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters."
{ }
"name" : "http://evuln.com/vulns/30/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/30/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16242", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16242" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0190", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0190" ]
}, },
{ "references": {
"name" : "22449", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22449" "name": "18462",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18462"
"name" : "1015491", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015491" "name": "20060115 [eVuln] Benders Calendar SQL Injection",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/422052/100/0/threaded"
"name" : "18462", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18462" "name": "22449",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22449"
"name" : "benderscalendar-sql-injection(24120)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24120" "name": "1015491",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015491"
} },
} {
"name": "ADV-2006-0190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0190"
},
{
"name": "16242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16242"
},
{
"name": "benderscalendar-sql-injection(24120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24120"
},
{
"name": "http://evuln.com/vulns/30/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/30/summary.html"
}
]
}
}

190
2006/0xxx/CVE-2006-0433.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secteam@freebsd.org",
"ID" : "CVE-2006-0433", "ID": "CVE-2006-0433",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-06:08", "description_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc" "lang": "eng",
}, "value": "Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop)."
{ }
"name" : "16466", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16466" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0409", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0409" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22861", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22861" ]
}, },
{ "references": {
"name" : "1015566", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015566" "name": "ADV-2006-0409",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0409"
"name" : "18696", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18696" "name": "FreeBSD-SA-06:08",
}, "refsource": "FREEBSD",
{ "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc"
"name" : "399", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/399" "name": "22861",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22861"
"name" : "bsd-sack-handling-dos(24453)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24453" "name": "16466",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16466"
} },
} {
"name": "1015566",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015566"
},
{
"name": "399",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/399"
},
{
"name": "bsd-sack-handling-dos(24453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24453"
},
{
"name": "18696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18696"
}
]
}
}

190
2006/0xxx/CVE-2006-0775.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0775", "ID": "CVE-2006-0775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.evuln.com/vulns/74/summary.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.evuln.com/vulns/74/summary.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error."
{ }
"name" : "20060215 EV0074 BirthSys 3.1 SQL injection (fwd)", ]
"refsource" : "VIM", },
"url" : "http://attrition.org/pipermail/vim/2006-February/000549.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16684", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16684" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0621", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0621" ]
}, },
{ "references": {
"name" : "23185", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23185" "name": "23185",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23185"
"name" : "18893", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18893" "name": "ADV-2006-0621",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0621"
"name" : "467", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/467" "name": "birthsys-show-date-sql-injection(24617)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24617"
"name" : "birthsys-show-date-sql-injection(24617)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24617" "name": "467",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/467"
} },
} {
"name": "20060215 EV0074 BirthSys 3.1 SQL injection (fwd)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-February/000549.html"
},
{
"name": "http://www.evuln.com/vulns/74/summary.html",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/74/summary.html"
},
{
"name": "18893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18893"
},
{
"name": "16684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16684"
}
]
}
}

34
2006/0xxx/CVE-2006-0952.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0952", "ID": "CVE-2006-0952",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

430
2006/1xxx/CVE-2006-1490.json
View File

@ -1,217 +1,217 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-1490", "ID": "CVE-2006-1490",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue. NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060328 Critical PHP bug - act ASAP if you are running web with sensitive data", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/429164/100/0/threaded" "lang": "eng",
}, "value": "PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue. NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents."
{ }
"name" : "20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/429162/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=127939", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=127939" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113", ]
"refsource" : "MISC", }
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113" ]
}, },
{ "references": {
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log", "reference_data": [
"refsource" : "MISC", {
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log" "name": "MDKSA-2006:063",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:063"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm" "name": "oval:org.mitre.oval:def:11084",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084"
"name" : "http://docs.info.apple.com/article.html?artnum=304829", },
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=304829" "name": "ADV-2006-4750",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4750"
"name" : "APPLE-SA-2006-11-28", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" "name": "20060328 Critical PHP bug - act ASAP if you are running web with sensitive data",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/429164/100/0/threaded"
"name" : "GLSA-200605-08", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200605-08.xml" "name": "19499",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19499"
"name" : "MDKSA-2006:063", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:063" "name": "17296",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17296"
"name" : "RHSA-2006:0276", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0276.html" "name": "20210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20210"
"name" : "20060501-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" "name": "http://docs.info.apple.com/article.html?artnum=304829",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=304829"
"name" : "SUSE-SA:2006:024", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/05-05-2006.html" "name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113",
}, "refsource": "MISC",
{ "url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113"
"name" : "2006-0020", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2006/0020" "name": "RHSA-2006:0276",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
"name" : "USN-320-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-320-1" "name": "GLSA-200605-08",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200605-08.xml"
"name" : "TA06-333A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" "name": "19570",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19570"
"name" : "17296", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17296" "name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log",
}, "refsource": "MISC",
{ "url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log"
"name" : "oval:org.mitre.oval:def:11084", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084" "name": "php-htmlentitydecode-information-disclosure(25508)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25508"
"name" : "ADV-2006-1149", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1149" "name": "19383",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19383"
"name" : "ADV-2006-2685", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2685" "name": "USN-320-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-320-1"
"name" : "ADV-2006-4750", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4750" "name": "23155",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23155"
"name" : "19383", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19383" "name": "19979",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19979"
"name" : "19499", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19499" "name": "20951",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20951"
"name" : "19570", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19570" "name": "21125",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21125"
"name" : "19832", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19832" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
"name" : "20951", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20951" "name": "20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/429162/100/0/threaded"
"name" : "23155", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23155" "name": "19832",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19832"
"name" : "19979", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19979" "name": "20060501-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
"name" : "20052", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20052" "name": "APPLE-SA-2006-11-28",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
"name" : "20210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20210" "name": "TA06-333A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
"name" : "21125", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21125" "name": "http://bugs.gentoo.org/show_bug.cgi?id=127939",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=127939"
"name" : "php-htmlentitydecode-information-disclosure(25508)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25508" "name": "20052",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20052"
} },
} {
"name": "2006-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "ADV-2006-2685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "SUSE-SA:2006:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/05-05-2006.html"
},
{
"name": "ADV-2006-1149",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1149"
}
]
}
}

150
2006/1xxx/CVE-2006-1895.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1895", "ID": "CVE-2006-1895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060414 phpBB template file code execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431017/100/0/threaded" "lang": "eng",
}, "value": "Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose \".*\" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl."
{ }
"name" : "17573", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17573" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "769", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/769" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpbb-template-code-execution(25888)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060414 phpBB template file code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431017/100/0/threaded"
},
{
"name": "17573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17573"
},
{
"name": "769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/769"
},
{
"name": "phpbb-template-code-execution(25888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25888"
}
]
}
}

180
2006/1xxx/CVE-2006-1988.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1988", "ID": "CVE-2006-1988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.security-protocols.com/sp-x26-advisory.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.security-protocols.com/sp-x26-advisory.php" "lang": "eng",
}, "value": "The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE."
{ }
"name" : "http://security-protocols.com/poc/sp-x26-2.html", ]
"refsource" : "MISC", },
"url" : "http://security-protocols.com/poc/sp-x26-2.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17634", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17634" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1452", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1452" ]
}, },
{ "references": {
"name" : "24823", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24823" "name": "http://www.security-protocols.com/sp-x26-advisory.php",
}, "refsource": "MISC",
{ "url": "http://www.security-protocols.com/sp-x26-advisory.php"
"name" : "19686", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19686" "name": "macosx-safari-dos(25946)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25946"
"name" : "macosx-safari-dos(25946)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25946" "name": "ADV-2006-1452",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1452"
} },
} {
"name": "http://security-protocols.com/poc/sp-x26-2.html",
"refsource": "MISC",
"url": "http://security-protocols.com/poc/sp-x26-2.html"
},
{
"name": "17634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17634"
},
{
"name": "24823",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24823"
},
{
"name": "19686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19686"
}
]
}
}

190
2006/3xxx/CVE-2006-3498.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3498", "ID": "CVE-2006-3498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2006-08-01", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request."
{ }
"name" : "TA06-214A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#776628", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/776628" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19289", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19289" ]
}, },
{ "references": {
"name" : "ADV-2006-3101", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3101" "name": "APPLE-SA-2006-08-01",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
"name" : "27736", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27736" "name": "macosx-bootp-bo(28139)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28139"
"name" : "21253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21253" "name": "27736",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27736"
"name" : "macosx-bootp-bo(28139)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28139" "name": "ADV-2006-3101",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3101"
} },
} {
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "VU#776628",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/776628"
}
]
}
}

230
2006/3xxx/CVE-2006-3704.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3704", "ID": "CVE-2006-3704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4."
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMA02133", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT061201", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" ]
}, },
{ "references": {
"name" : "TA06-200A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" "name": "1016529",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016529"
"name" : "19054", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19054" "name": "19054",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19054"
"name" : "ADV-2006-2863", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2863" "name": "oracle-cpu-july-2006(27897)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
"name" : "ADV-2006-2947", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2947" "name": "21165",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21165"
"name" : "1016529", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016529" "name": "HPSBMA02133",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
"name" : "21111", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21111" "name": "ADV-2006-2947",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2947"
"name" : "21165", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21165" "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
"name" : "oracle-cpu-july-2006(27897)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
} },
} {
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

34
2006/3xxx/CVE-2006-3866.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-3866", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-3866",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4868. Reason: This candidate is a duplicate of CVE-2006-4868. Notes: All CVE users should reference CVE-2006-4868 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4868. Reason: This candidate is a duplicate of CVE-2006-4868. Notes: All CVE users should reference CVE-2006-4868 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

170
2006/4xxx/CVE-2006-4418.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4418", "ID": "CVE-2006-4418",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2252", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2252" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file."
{ }
"name" : "19694", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19694" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3386", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3386" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28177", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/28177" ]
}, },
{ "references": {
"name" : "21542", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21542" "name": "wikepage-index-file-include(28555)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28555"
"name" : "wikepage-index-file-include(28555)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28555" "name": "2252",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2252"
} },
} {
"name": "28177",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28177"
},
{
"name": "21542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21542"
},
{
"name": "ADV-2006-3386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3386"
},
{
"name": "19694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19694"
}
]
}
}

150
2006/4xxx/CVE-2006-4460.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4460", "ID": "CVE-2006-4460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wacha.ch/wiki/addressbook:changelog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wacha.ch/wiki/addressbook:changelog" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "19845", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19845" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21730", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21730" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpiaddressbook-unspecified-xss(28723)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28723" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://wacha.ch/wiki/addressbook:changelog",
"refsource": "CONFIRM",
"url": "http://wacha.ch/wiki/addressbook:changelog"
},
{
"name": "21730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21730"
},
{
"name": "phpiaddressbook-unspecified-xss(28723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28723"
},
{
"name": "19845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19845"
}
]
}
}

190
2006/4xxx/CVE-2006-4668.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4668", "ID": "CVE-2006-4668",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060907 XSS in AckerTodo v4.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445465/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command."
{ }
"name" : "20060926 Re: XSS in AckerTodo v4.0", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/447071/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19894", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19894" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3517", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3517" ]
}, },
{ "references": {
"name" : "28611", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28611" "name": "1531",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1531"
"name" : "21810", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21810" "name": "ADV-2006-3517",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3517"
"name" : "1531", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1531" "name": "21810",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21810"
"name" : "ackertodo-index-xss(28810)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28810" "name": "20060907 XSS in AckerTodo v4.0",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/445465/100/0/threaded"
} },
} {
"name": "ackertodo-index-xss(28810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28810"
},
{
"name": "20060926 Re: XSS in AckerTodo v4.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447071/100/100/threaded"
},
{
"name": "28611",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28611"
},
{
"name": "19894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19894"
}
]
}
}

150
2006/4xxx/CVE-2006-4912.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4912", "ID": "CVE-2006-4912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2373", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2373" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter."
{ }
"name" : "20041", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20041" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3641", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3641" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpdocwriter-index-file-include(28989)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28989" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2006-3641",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3641"
},
{
"name": "20041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20041"
},
{
"name": "phpdocwriter-index-file-include(28989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28989"
},
{
"name": "2373",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2373"
}
]
}
}

190
2010/2xxx/CVE-2010-2387.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-2387", "ID": "CVE-2010-2387",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes" "lang": "eng",
}, "value": "vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs."
{ }
"name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure", ]
"refsource" : "CONFIRM", },
"url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=571846", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=571846" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ASB-2010.0184", ]
"refsource" : "AUSCERT", }
"url" : "http://www.auscert.org.au/13123" ]
}, },
{ "references": {
"name" : "66643", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/66643" "name": "https://bugzilla.gnome.org/show_bug.cgi?id=571846",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.gnome.org/show_bug.cgi?id=571846"
"name" : "40690", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40690" "name": "ASB-2010.0184",
}, "refsource": "AUSCERT",
{ "url": "http://www.auscert.org.au/13123"
"name" : "40780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40780" "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure",
}, "refsource": "CONFIRM",
{ "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure"
"name" : "solaris-gdm-information-disclosure(60642)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642" "name": "40690",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/40690"
} },
} {
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes"
},
{
"name": "solaris-gdm-information-disclosure(60642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60642"
},
{
"name": "40780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40780"
},
{
"name": "66643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66643"
}
]
}
}

200
2010/2xxx/CVE-2010-2452.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2452", "ID": "CVE-2010-2452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[KVIrc] 20100517 Proposal for a stable release of kvirc4", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors."
{ }
"name" : "DSA-2065", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2010/dsa-2065" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2010-10522", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2010-10529", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2010:014", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" "name": "FEDORA-2010-10522",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html"
"name" : "40746", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40746" "name": "[KVIrc] 20100517 Proposal for a stable release of kvirc4",
}, "refsource": "MLIST",
{ "url": "http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html"
"name" : "40349", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40349" "name": "40746",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40746"
"name" : "32410", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32410" "name": "ADV-2010-1602",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1602"
"name" : "ADV-2010-1602", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1602" "name": "FEDORA-2010-10529",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html"
} },
} {
"name": "DSA-2065",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2065"
},
{
"name": "40349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40349"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "32410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32410"
}
]
}
}

150
2010/2xxx/CVE-2010-2598.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2598", "ID": "CVE-2010-2598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081" "lang": "eng",
}, "value": "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\""
{ }
"name" : "RHSA-2010:0520", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0520.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40536", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40536" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-1761", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/1761" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2010-1761",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1761"
},
{
"name": "RHSA-2010:0520",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0520.html"
},
{
"name": "40536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40536"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
}
]
}
}

160
2010/2xxx/CVE-2010-2986.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2986", "ID": "CVE-2010-2986",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100804 Cisco Wireless Control System XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/512878/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288."
{ }
"name" : "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt", ]
"refsource" : "MISC", },
"url" : "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "42216", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/42216" ]
}, },
{ "references": {
"name" : "40827", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40827" "name": "42216",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/42216"
} },
} {
"name": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt"
},
{
"name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
},
{
"name": "20100804 Cisco Wireless Control System XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512878/100/0/threaded"
},
{
"name": "40827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40827"
}
]
}
}

150
2010/3xxx/CVE-2010-3014.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3014", "ID": "CVE-2010-3014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513151/100/0/threaded" "lang": "eng",
}, "value": "The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read."
{ }
"name" : "http://www.vsecurity.com/resources/advisory/20100816-1/", ]
"refsource" : "MISC", },
"url" : "http://www.vsecurity.com/resources/advisory/20100816-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100816-1/",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100816-1/"
},
{
"name": "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997",
"refsource": "CONFIRM",
"url": "http://svn.freebsd.org/viewvc/base?view=revision&revision=210997"
},
{
"name": "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513151/100/0/threaded"
}
]
}
}

210
2010/3xxx/CVE-2010-3915.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2010-3915", "ID": "CVE-2010-3915",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ipa.go.jp/about/press/20101104_2.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ipa.go.jp/about/press/20101104_2.html" "lang": "eng",
}, "value": "Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916."
{ }
"name" : "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed", ]
"refsource" : "MISC", },
"url" : "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.justsystems.com/jp/info/js10003.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.justsystems.com/jp/info/js10003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVN#19173793", ]
"refsource" : "JVN", }
"url" : "http://jvn.jp/en/jp/JVN19173793/index.html" ]
}, },
{ "references": {
"name" : "JVNDB-2010-000052", "reference_data": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html" "name": "JVNDB-2010-000052",
}, "refsource": "JVNDB",
{ "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000052.html"
"name" : "44637", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44637" "name": "42099",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42099"
"name" : "69020", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/69020" "name": "http://www.ipa.go.jp/about/press/20101104_2.html",
}, "refsource": "MISC",
{ "url": "http://www.ipa.go.jp/about/press/20101104_2.html"
"name" : "42099", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42099" "name": "JVN#19173793",
}, "refsource": "JVN",
{ "url": "http://jvn.jp/en/jp/JVN19173793/index.html"
"name" : "ADV-2010-2885", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2885" "name": "44637",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/44637"
"name" : "ichitaro-unspecified-code-exec(62997)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62997" "name": "ichitaro-unspecified-code-exec(62997)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62997"
} },
} {
"name": "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed",
"refsource": "MISC",
"url": "http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-confirmed"
},
{
"name": "69020",
"refsource": "OSVDB",
"url": "http://osvdb.org/69020"
},
{
"name": "http://www.justsystems.com/jp/info/js10003.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/js10003.html"
},
{
"name": "ADV-2010-2885",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2885"
}
]
}
}

34
2010/3xxx/CVE-2010-3948.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-3948", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-3948",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

240
2010/4xxx/CVE-2010-4341.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-4341", "ID": "CVE-2010-4341",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=661163", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=661163" "lang": "eng",
}, "value": "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet."
{ }
"name" : "FEDORA-2011-0337", ]
"refsource" : "FEDORA", },
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2011-0364", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2011:0560", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0560.html" ]
}, },
{ "references": {
"name" : "RHSA-2011:0975", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0975.html" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "45961",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45961"
"name" : "45961", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45961" "name": "43055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43055"
"name" : "43053", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43053" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "43055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43055" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=661163",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "FEDORA-2011-0364",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html"
"name" : "ADV-2011-0197", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0197" "name": "sssd-pamparseindatav2-dos(64881)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "RHSA-2011:0560",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html"
"name" : "sssd-pamparseindatav2-dos(64881)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881" "name": "FEDORA-2011-0337",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html"
} },
} {
"name": "ADV-2011-0197",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0197"
},
{
"name": "RHSA-2011:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "43053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43053"
}
]
}
}

160
2010/4xxx/CVE-2010-4675.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4675", "ID": "CVE-2010-4675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the \"lowest security level interface,\" aka Bug ID CSCsv40504."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" "lang": "eng",
}, "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the \"lowest security level interface,\" aka Bug ID CSCsv40504."
{ }
"name" : "45767", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024963", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024963" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "42931", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/42931" ]
}, },
{ "references": {
"name" : "asa-telnet-security-bypass(64601)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64601" "name": "1024963",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1024963"
} },
} {
"name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf"
},
{
"name": "asa-telnet-security-bypass(64601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64601"
},
{
"name": "45767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45767"
},
{
"name": "42931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42931"
}
]
}
}

140
2010/4xxx/CVE-2010-4686.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4686", "ID": "CVE-2010-4686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a \"peculiar\" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf" "lang": "eng",
}, "value": "CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a \"peculiar\" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950."
{ }
"name" : "45769", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45769" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ciscoios-siptrunk-dos(64585)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-siptrunk-dos(64585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64585"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45769"
}
]
}
}

160
2011/1xxx/CVE-2011-1103.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1103", "ID": "CVE-2011-1103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html" "lang": "eng",
}, "value": "The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html."
{ }
"name" : "1025124", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1025124" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43049", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43049" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2011-0509", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2011/0509" ]
}, },
{ "references": {
"name" : "fsecure-webreporting-path-disclosure(65664)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65664" "name": "43049",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/43049"
} },
} {
"name": "ADV-2011-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0509"
},
{
"name": "fsecure-webreporting-path-disclosure(65664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65664"
},
{
"name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html",
"refsource": "CONFIRM",
"url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html"
},
{
"name": "1025124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025124"
}
]
}
}

210
2011/1xxx/CVE-2011-1687.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1687", "ID": "CVE-2011-1687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" "lang": "eng",
}, "value": "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords."
{ }
"name" : "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", ]
"refsource" : "MLIST", },
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[rt-announce] 20110414 Security vulnerabilities in RT", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", ]
"refsource" : "CONFIRM", }
"url" : "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696795" "name": "ADV-2011-1071",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/1071"
"name" : "DSA-2220", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2220" "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release",
}, "refsource": "MLIST",
{ "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html"
"name" : "47383", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47383" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795"
"name" : "44189", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44189" "name": "rt-search-interface-info-disclosure(66793)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793"
"name" : "ADV-2011-1071", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1071" "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html",
}, "refsource": "CONFIRM",
{ "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html"
"name" : "rt-search-interface-info-disclosure(66793)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" "name": "47383",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/47383"
} },
} {
"name": "[rt-announce] 20110414 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html"
},
{
"name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html"
},
{
"name": "DSA-2220",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2220"
},
{
"name": "44189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44189"
}
]
}
}

130
2011/1xxx/CVE-2011-1821.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1821", "ID": "CVE-2011-1821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029663", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029663" "lang": "eng",
}, "value": "IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search."
{ }
"name" : "IO13000", ]
"refsource" : "AIXAPAR", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO13000" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IO13000",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO13000"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029663",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029663"
}
]
}
}

170
2011/5xxx/CVE-2011-5263.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5263", "ID": "CVE-2011-5263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111117 [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520551/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter."
{ }
"name" : "http://dsecrg.com/pages/vul/show.php?id=330", ]
"refsource" : "MISC", },
"url" : "http://dsecrg.com/pages/vul/show.php?id=330" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49266", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/49266/info" ]
}, },
{ "references": {
"name" : "45708", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45708" "name": "45708",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45708"
"name" : "20110819netweaver-server-xss(69331)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69331" "name": "49266",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/49266/info"
} },
} {
"name": "20110819netweaver-server-xss(69331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69331"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=330",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=330"
},
{
"name": "20111117 [DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520551/100/0/threaded"
},
{
"name": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4",
"refsource": "CONFIRM",
"url": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4"
}
]
}
}

160
2011/5xxx/CVE-2011-5267.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5267", "ID": "CVE-2011-5267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "16988", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/16988" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670."
{ }
"name" : "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/09/01/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/09/01/3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html", ]
"refsource" : "MISC", }
"url" : "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html" ]
}, },
{ "references": {
"name" : "71070", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/71070" "name": "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3"
} },
} {
"name": "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html",
"refsource": "MISC",
"url": "http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html"
},
{
"name": "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/01/1"
},
{
"name": "16988",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16988"
},
{
"name": "71070",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71070"
}
]
}
}

170
2014/3xxx/CVE-2014-3337.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3337", "ID": "CVE-2014-3337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257" "lang": "eng",
}, "value": "The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428."
{ }
"name" : "20140811 Cisco Unified Communications Manager SIP Subsystem Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69177", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69177" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030709", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030709" ]
}, },
{ "references": {
"name" : "60088", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60088" "name": "69177",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/69177"
"name" : "cucm-cve20143337-dos(95245)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95245" "name": "1030709",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1030709"
} },
} {
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35257"
},
{
"name": "60088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60088"
},
{
"name": "cucm-cve20143337-dos(95245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95245"
},
{
"name": "20140811 Cisco Unified Communications Manager SIP Subsystem Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337"
}
]
}
}

180
2014/3xxx/CVE-2014-3483.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3483", "ID": "CVE-2014-3483",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2014/07/02/5" "lang": "eng",
}, "value": "SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting."
{ }
"name" : "[rubyonrails-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL", ]
"refsource" : "MLIST", },
"url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2982", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2982" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0877", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0877.html" ]
}, },
{ "references": {
"name" : "68341", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68341" "name": "RHSA-2014:0877",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html"
"name" : "59971", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59971" "name": "59971",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59971"
"name" : "60214", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60214" "name": "[oss-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2014/07/02/5"
} },
} {
"name": "[rubyonrails-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J"
},
{
"name": "60214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60214"
},
{
"name": "DSA-2982",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2982"
},
{
"name": "68341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68341"
}
]
}
}

150
2014/3xxx/CVE-2014-3676.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3676", "ID": "CVE-2014-3676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141013 shim RCE", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/10/13/4" "lang": "eng",
}, "value": "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\""
{ }
"name" : "RHSA-2014:1801", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1801.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70409", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70409" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "shim-cve20143676-bo(96988)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20141013 shim RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/13/4"
},
{
"name": "70409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70409"
},
{
"name": "RHSA-2014:1801",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1801.html"
},
{
"name": "shim-cve20143676-bo(96988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96988"
}
]
}
}

140
2014/7xxx/CVE-2014-7029.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7029", "ID": "CVE-2014-7029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#623065", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/623065" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#623065",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/623065"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

160
2014/7xxx/CVE-2014-7289.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2014-7289", "ID": "CVE-2014-7289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534527/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request."
{ }
"name" : "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/Jan/91" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", ]
"refsource" : "CONFIRM", }
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00" ]
}, },
{ "references": {
"name" : "72092", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72092" "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00",
} "refsource": "CONFIRM",
] "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00"
} },
} {
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html"
},
{
"name": "20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/91"
},
{
"name": "72092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72092"
}
]
}
}

160
2014/7xxx/CVE-2014-7866.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7866", "ID": "CVE-2014-7866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533946/100/0/threaded" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet."
{ }
"name" : "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Nov/21" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt", "description": [
"refsource" : "MISC", {
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html" ]
}, },
{ "references": {
"name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability" "name": "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2014/Nov/21"
} },
} {
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt"
},
{
"name": "20141109 [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533946/100/0/threaded"
},
{
"name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability",
"refsource": "CONFIRM",
"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability"
},
{
"name": "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8462.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8462", "ID": "CVE-2014-8462",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/8xxx/CVE-2014-8496.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8496", "ID": "CVE-2014-8496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.youtube.com/watch?v=La9nMeVCtt4", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.youtube.com/watch?v=La9nMeVCtt4" "lang": "eng",
} "value": "Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=La9nMeVCtt4",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=La9nMeVCtt4"
}
]
}
}

34
2014/8xxx/CVE-2014-8935.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8935", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8935",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/8xxx/CVE-2014-8973.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8973", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8973",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/8xxx/CVE-2014-8976.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8976", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8976",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/9xxx/CVE-2014-9007.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9007", "ID": "CVE-2014-9007",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2014/9xxx/CVE-2014-9687.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9687", "ID": "CVE-2014-9687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150210 Re: eCryptfs key wrapping help to crack user password", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/02/10/16" "lang": "eng",
}, "value": "eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack."
{ }
"name" : "[oss-security] 20150217 CVE request: Linux kernel ecryptfs 1-byte overwrite", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/02/17/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20150227 Re: eCryptfs key wrapping help to crack user password", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/02/28/3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.launchpad.net/ecryptfs/+bug/906550", ]
"refsource" : "MISC", }
"url" : "https://bugs.launchpad.net/ecryptfs/+bug/906550" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:0291", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html" "name": "openSUSE-SU-2016:0291",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html"
"name" : "USN-2524-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2524-1" "name": "[oss-security] 20150227 Re: eCryptfs key wrapping help to crack user password",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2015/02/28/3"
} },
} {
"name": "[oss-security] 20150217 CVE request: Linux kernel ecryptfs 1-byte overwrite",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/17/7"
},
{
"name": "[oss-security] 20150210 Re: eCryptfs key wrapping help to crack user password",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/10/16"
},
{
"name": "https://bugs.launchpad.net/ecryptfs/+bug/906550",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ecryptfs/+bug/906550"
},
{
"name": "USN-2524-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2524-1"
}
]
}
}

150
2014/9xxx/CVE-2014-9809.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9809", "ID": "CVE-2014-9809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" "lang": "eng",
}, "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image."
{ }
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4", "description": [
"refsource" : "CONFIRM", {
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343465", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343465" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343465"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4"
}
]
}
}

120
2016/2xxx/CVE-2016-2302.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-2302", "ID": "CVE-2016-2302",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" "lang": "eng",
} "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03"
}
]
}
}

190
2016/2xxx/CVE-2016-2519.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2519", "ID": "CVE-2016-2519",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3008", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3008" "lang": "eng",
}, "value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security.netapp.com/advisory/ntap-20171004-0002/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20171004-0002/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FreeBSD-SA-16:16", ]
"refsource" : "FREEBSD", }
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc" ]
}, },
{ "references": {
"name" : "GLSA-201607-15", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201607-15" "name": "http://support.ntp.org/bin/view/Main/NtpBug3008",
}, "refsource": "CONFIRM",
{ "url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
"name" : "VU#718152", },
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/718152" "name": "VU#718152",
}, "refsource": "CERT-VN",
{ "url": "https://www.kb.cert.org/vuls/id/718152"
"name" : "88204", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/88204" "name": "1035705",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035705"
"name" : "1035705", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035705" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
} },
} {
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}

34
2016/2xxx/CVE-2016-2609.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2609", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2609",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

170
2016/2xxx/CVE-2016-2784.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2784", "ID": "CVE-2016-2784",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/538272/100/0/threaded" "lang": "eng",
}, "value": "CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request."
{ }
"name" : "39760", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/39760/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/May/15" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html" ]
}, },
{ "references": {
"name" : "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/" "name": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/136897/CMS-Made-Simple-Cache-Poisoning.html"
"name" : "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/", },
"refsource" : "CONFIRM", {
"url" : "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/" "name": "20160506 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2016/May/15"
} },
} {
"name": "20160504 CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538272/100/0/threaded"
},
{
"name": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/",
"refsource": "CONFIRM",
"url": "http://www.cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/"
},
{
"name": "39760",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39760/"
},
{
"name": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/",
"refsource": "CONFIRM",
"url": "http://www.cmsmadesimple.org/2016/04/Announcing-CMSMS-2-1-3-Black-Point/"
}
]
}
}

130
2016/6xxx/CVE-2016-6340.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6340", "ID": "CVE-2016-6340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370315", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1370315" "lang": "eng",
}, "value": "The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack."
{ }
"name" : "92655", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92655" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370315",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370315"
},
{
"name": "92655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92655"
}
]
}
}

140
2016/6xxx/CVE-2016-6384.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6384", "ID": "CVE-2016-6384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323" "lang": "eng",
}, "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257."
{ }
"name" : "93209", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93209" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036914", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036914" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036914"
},
{
"name": "20160928 Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323"
},
{
"name": "93209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93209"
}
]
}
}

34
2016/6xxx/CVE-2016-6568.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6568", "ID": "CVE-2016-6568",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/7xxx/CVE-2016-7366.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7366", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7366",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2016/7xxx/CVE-2016-7802.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7802", "ID": "CVE-2016-7802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.cybozu.com/ja-jp/article/9561", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.cybozu.com/ja-jp/article/9561" "lang": "eng",
}, "value": "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
{ }
"name" : "JVN#16200242", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN16200242/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94967", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94967" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9561",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9561"
},
{
"name": "JVN#16200242",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16200242/index.html"
},
{
"name": "94967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94967"
}
]
}
}

150
2016/7xxx/CVE-2016-7957.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7957", "ID": "CVE-2016-7957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825" "lang": "eng",
}, "value": "In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings."
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a", ]
"refsource" : "CONFIRM", },
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.wireshark.org/security/wnpa-sec-2016-56.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2016-56.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97597", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97597" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825"
},
{
"name": "97597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97597"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2016-56.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2016-56.html"
}
]
}
}

130
2017/1001xxx/CVE-2017-1001003.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "josh@bress.net",
"ID" : "CVE-2017-1001003", "ID": "CVE-2017-1001003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "math.js", "product_name": "math.js",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.17.0" "version_value": "3.17.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "math.js" "vendor_name": "math.js"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-88: Argument Injection or Modification"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170" "lang": "eng",
}, "value": "math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object."
{ }
"name" : "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-88: Argument Injection or Modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170",
"refsource": "CONFIRM",
"url": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170"
},
{
"name": "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761",
"refsource": "CONFIRM",
"url": "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761"
}
]
}
}

180
2017/5xxx/CVE-2017-5033.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5033", "ID": "CVE-2017-5033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://twitter.com/Ma7h1as/status/907641276434063361", "description_data": [
"refsource" : "MISC", {
"url" : "https://twitter.com/Ma7h1as/status/907641276434063361" "lang": "eng",
}, "value": "Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword."
{ }
"name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://crbug.com/669086", "description": [
"refsource" : "CONFIRM", {
"url" : "https://crbug.com/669086" "lang": "eng",
}, "value": "insufficient policy enforcement"
{ }
"name" : "DSA-3810", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3810" ]
}, },
{ "references": {
"name" : "GLSA-201704-02", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201704-02" "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
"name" : "RHSA-2017:0499", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" "name": "https://twitter.com/Ma7h1as/status/907641276434063361",
}, "refsource": "MISC",
{ "url": "https://twitter.com/Ma7h1as/status/907641276434063361"
"name" : "96767", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96767" "name": "https://crbug.com/669086",
} "refsource": "CONFIRM",
] "url": "https://crbug.com/669086"
} },
} {
"name": "GLSA-201704-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-02"
},
{
"name": "DSA-3810",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
]
}
}

34
2017/5xxx/CVE-2017-5305.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5305", "ID": "CVE-2017-5305",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/5xxx/CVE-2017-5569.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5569", "ID": "CVE-2017-5569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc" "lang": "eng",
}, "value": "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."
{ }
"name" : "95741", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95741" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95741"
},
{
"name": "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc",
"refsource": "MISC",
"url": "https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc"
}
]
}
}

152
2017/5xxx/CVE-2017-5643.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2017-5643", "ID": "CVE-2017-5643",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Camel", "product_name": "Apache Camel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.17.0 to 2.17.5" "version_value": "2.17.0 to 2.17.5"
}, },
{ {
"version_value" : "2.18.0 to 2.18.2" "version_value": "2.18.0 to 2.18.2"
}, },
{ {
"version_value" : "The unsupported Camel 2.x (2.16 and earlier) versions may be also affected." "version_value": "The unsupported Camel 2.x (2.16 and earlier) versions may be also affected."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SSRF"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2" "lang": "eng",
}, "value": "Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE."
{ }
"name" : "RHSA-2017:1832", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:1832" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97226", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97226" "lang": "eng",
} "value": "SSRF"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "97226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97226"
},
{
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2",
"refsource": "CONFIRM",
"url": "http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2"
}
]
}
}