admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:46:34 +00:00
parent 47ed5e3595
commit e9da26ccca
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4555 additions and 4555 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

510
2006/0xxx/CVE-2006-0146.json
View File

@ -1,257 +1,257 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060202 Bug for libs in php link directory 2.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name" : "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name" : "20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name" : "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name" : "http://www.xaraya.com/index.php/news/569",
"refsource" : "CONFIRM",
"url" : "http://www.xaraya.com/index.php/news/569"
},
{
"name" : "http://www.maxdev.com/Article550.phtml",
"refsource" : "CONFIRM",
"url" : "http://www.maxdev.com/Article550.phtml"
},
{
"name" : "DSA-1029",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1029"
},
{
"name" : "DSA-1030",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1030"
},
{
"name" : "DSA-1031",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1031"
},
{
"name" : "GLSA-200604-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name" : "16187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16187"
},
{
"name" : "ADV-2006-0101",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name" : "ADV-2006-0102",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name" : "ADV-2006-0103",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name" : "ADV-2006-0104",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name" : "ADV-2006-0105",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name" : "ADV-2006-0447",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name" : "ADV-2006-0370",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name" : "ADV-2006-1304",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name" : "ADV-2006-1305",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name" : "ADV-2006-1419",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name" : "22290",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22290"
},
{
"name" : "17418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17418"
},
{
"name" : "18254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18254"
},
{
"name" : "18267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18267"
},
{
"name" : "18260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18260"
},
{
"name" : "18276",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18276"
},
{
"name" : "18233",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18233"
},
{
"name" : "18720",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18720"
},
{
"name" : "19555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19555"
},
{
"name" : "19563",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19563"
},
{
"name" : "19590",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19590"
},
{
"name" : "19591",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19591"
},
{
"name" : "19600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19600"
},
{
"name" : "19699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19699"
},
{
"name" : "19691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19691"
},
{
"name" : "24954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24954"
},
{
"name" : "713",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/713"
},
{
"name" : "adodb-server-command-execution(24051)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "http://www.maxdev.com/Article550.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "http://www.xaraya.com/index.php/news/569",
"refsource": "CONFIRM",
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19563"
}
]
}
}

150
2006/0xxx/CVE-2006-0972.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060226 2 SQL Injection in Fantastic News",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426195/100/0/threaded"
},
{
"name" : "16842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16842"
},
{
"name" : "501",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/501"
},
{
"name" : "fantasticnews-news-sql-injection(24943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16842"
},
{
"name": "fantasticnews-news-sql-injection(24943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24943"
},
{
"name": "20060226 2 SQL Injection in Fantastic News",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426195/100/0/threaded"
},
{
"name": "501",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/501"
}
]
}
}

170
2006/3xxx/CVE-2006-3130.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18552"
},
{
"name" : "ADV-2006-2461",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2461"
},
{
"name" : "http://pridels0.blogspot.com/2006/06/clubpage-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/clubpage-vuln.html"
},
{
"name" : "26690",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26690"
},
{
"name" : "20706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20706"
},
{
"name" : "clubpage-index-sql-injection(27247)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26690",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26690"
},
{
"name": "http://pridels0.blogspot.com/2006/06/clubpage-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/clubpage-vuln.html"
},
{
"name": "20706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20706"
},
{
"name": "ADV-2006-2461",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2461"
},
{
"name": "clubpage-index-sql-injection(27247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27247"
},
{
"name": "18552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18552"
}
]
}
}

180
2006/3xxx/CVE-2006-3395.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.jaascois.com/exploits/18602017/",
"refsource" : "MISC",
"url" : "http://www.jaascois.com/exploits/18602017/"
},
{
"name" : "18756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18756"
},
{
"name" : "ADV-2006-2639",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2639"
},
{
"name" : "26959",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26959"
},
{
"name" : "1016417",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016417"
},
{
"name" : "20923",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20923"
},
{
"name" : "sitebuilderfx-admintop-file-include(27503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26959",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26959"
},
{
"name": "18756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18756"
},
{
"name": "http://www.jaascois.com/exploits/18602017/",
"refsource": "MISC",
"url": "http://www.jaascois.com/exploits/18602017/"
},
{
"name": "ADV-2006-2639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2639"
},
{
"name": "20923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20923"
},
{
"name": "1016417",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016417"
},
{
"name": "sitebuilderfx-admintop-file-include(27503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27503"
}
]
}
}

160
2006/3xxx/CVE-2006-3688.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060711 MyGallery \"Room.php\" SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440124/100/100/threaded"
},
{
"name" : "19020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19020"
},
{
"name" : "ADV-2006-2834",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2834"
},
{
"name" : "1016505",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016505"
},
{
"name" : "21084",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016505",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016505"
},
{
"name": "19020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19020"
},
{
"name": "20060711 MyGallery \"Room.php\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440124/100/100/threaded"
},
{
"name": "21084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21084"
},
{
"name": "ADV-2006-2834",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2834"
}
]
}
}

170
2006/3xxx/CVE-2006-3728.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to \"kernel data structure corruption\" that can trigger a system panic, application failure, or \"data corruption.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102344",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102344-1"
},
{
"name" : "19064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19064"
},
{
"name" : "ADV-2006-2872",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2872"
},
{
"name" : "1016535",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016535"
},
{
"name" : "21109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21109"
},
{
"name" : "solaris-kernel-patch-dos(27801)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to \"kernel data structure corruption\" that can trigger a system panic, application failure, or \"data corruption.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19064"
},
{
"name": "ADV-2006-2872",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2872"
},
{
"name": "1016535",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016535"
},
{
"name": "102344",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102344-1"
},
{
"name": "21109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21109"
},
{
"name": "solaris-kernel-patch-dos(27801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27801"
}
]
}
}

170
2006/3xxx/CVE-2006-3845.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hustlelabs.com/advisories/04072006_rarlabs.pdf",
"refsource" : "MISC",
"url" : "http://hustlelabs.com/advisories/04072006_rarlabs.pdf"
},
{
"name" : "http://www.rarlabs.com/rarnew.htm",
"refsource" : "CONFIRM",
"url" : "http://www.rarlabs.com/rarnew.htm"
},
{
"name" : "19043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19043"
},
{
"name" : "ADV-2006-2867",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2867"
},
{
"name" : "21080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21080"
},
{
"name" : "winrar-lha-bo(27815)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21080"
},
{
"name": "19043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19043"
},
{
"name": "winrar-lha-bo(27815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27815"
},
{
"name": "http://www.rarlabs.com/rarnew.htm",
"refsource": "CONFIRM",
"url": "http://www.rarlabs.com/rarnew.htm"
},
{
"name": "ADV-2006-2867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2867"
},
{
"name": "http://hustlelabs.com/advisories/04072006_rarlabs.pdf",
"refsource": "MISC",
"url": "http://hustlelabs.com/advisories/04072006_rarlabs.pdf"
}
]
}
}

360
2006/4xxx/CVE-2006-4182.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061016 Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"name" : "http://kolab.org/security/kolab-vendor-notice-13.txt",
"refsource" : "CONFIRM",
"url" : "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=304829",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name" : "APPLE-SA-2006-11-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name" : "DSA-1196",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1196"
},
{
"name" : "GLSA-200610-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name" : "MDKSA-2006:184",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name" : "SUSE-SA:2006:060",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name" : "TA06-333A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name" : "VU#180864",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/180864"
},
{
"name" : "20535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20535"
},
{
"name" : "ADV-2006-4034",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name" : "ADV-2006-4136",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name" : "ADV-2006-4264",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name" : "ADV-2006-4750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name" : "1017068",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017068"
},
{
"name" : "22370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22370"
},
{
"name" : "22421",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22421"
},
{
"name" : "22498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22498"
},
{
"name" : "22488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22488"
},
{
"name" : "22537",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22537"
},
{
"name" : "22551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22551"
},
{
"name" : "22626",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22626"
},
{
"name" : "23155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23155"
},
{
"name" : "clamav-rebuildpe-bo(29607)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22370"
},
{
"name": "VU#180864",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/180864"
},
{
"name": "SUSE-SA:2006:060",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "MDKSA-2006:184",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "22421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22421"
},
{
"name": "20061016 Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"name": "ADV-2006-4264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-13.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "20535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20535"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "GLSA-200610-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "1017068",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "clamav-rebuildpe-bo(29607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
},
{
"name": "22551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22498"
}
]
}
}

160
2006/4xxx/CVE-2006-4249.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to \"masquerade as a group.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://plone.org/about/security/advisories/cve-2006-4249/",
"refsource" : "CONFIRM",
"url" : "http://plone.org/about/security/advisories/cve-2006-4249/"
},
{
"name" : "21460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21460"
},
{
"name" : "ADV-2006-4878",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4878"
},
{
"name" : "23240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23240"
},
{
"name" : "plone-group-spoofing(30762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to \"masquerade as a group.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21460"
},
{
"name": "http://plone.org/about/security/advisories/cve-2006-4249/",
"refsource": "CONFIRM",
"url": "http://plone.org/about/security/advisories/cve-2006-4249/"
},
{
"name": "23240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23240"
},
{
"name": "plone-group-spoofing(30762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30762"
},
{
"name": "ADV-2006-4878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4878"
}
]
}
}

220
2006/4xxx/CVE-2006-4345.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"name" : "http://labs.musecurity.com/advisories/MU-200608-01.txt",
"refsource" : "MISC",
"url" : "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name" : "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11",
"refsource" : "CONFIRM",
"url" : "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"name" : "http://www.sineapps.com/news.php?rssid=1448",
"refsource" : "CONFIRM",
"url" : "http://www.sineapps.com/news.php?rssid=1448"
},
{
"name" : "GLSA-200610-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name" : "19683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19683"
},
{
"name" : "ADV-2006-3372",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name" : "1016742",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016742"
},
{
"name" : "21600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21600"
},
{
"name" : "22651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22651"
},
{
"name" : "asterisk-mgcp-bo(28542)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3372",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3372"
},
{
"name": "GLSA-200610-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200608-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200608-01.txt"
},
{
"name": "22651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22651"
},
{
"name": "19683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19683"
},
{
"name": "1016742",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016742"
},
{
"name": "20060825 Multiple Vulnerabilities in Asterisk 1.2.10 (Fixed in 1.2.11)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444322/100/0/threaded"
},
{
"name": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11"
},
{
"name": "asterisk-mgcp-bo(28542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28542"
},
{
"name": "http://www.sineapps.com/news.php?rssid=1448",
"refsource": "CONFIRM",
"url": "http://www.sineapps.com/news.php?rssid=1448"
},
{
"name": "21600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21600"
}
]
}
}

160
2006/4xxx/CVE-2006-4665.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060907 xxs in MKPortal M1.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445511/100/0/threaded"
},
{
"name" : "ADV-2006-3518",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3518"
},
{
"name" : "21821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21821"
},
{
"name" : "1534",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1534"
},
{
"name" : "mkportal-index-xss(28812)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3518",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3518"
},
{
"name": "mkportal-index-xss(28812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28812"
},
{
"name": "21821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21821"
},
{
"name": "20060907 xxs in MKPortal M1.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445511/100/0/threaded"
},
{
"name": "1534",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1534"
}
]
}
}

150
2006/7xxx/CVE-2006-7092.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://mamboxchange.com/forum/forum.php?forum_id=7767",
"refsource" : "CONFIRM",
"url" : "http://mamboxchange.com/forum/forum.php?forum_id=7767"
},
{
"name" : "20413",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20413"
},
{
"name" : "ADV-2006-3953",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3953"
},
{
"name" : "22263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20413"
},
{
"name": "ADV-2006-3953",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3953"
},
{
"name": "22263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22263"
},
{
"name": "http://mamboxchange.com/forum/forum.php?forum_id=7767",
"refsource": "CONFIRM",
"url": "http://mamboxchange.com/forum/forum.php?forum_id=7767"
}
]
}
}

170
2006/7xxx/CVE-2006-7192.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070405 Microsoft .NET request filtering bypass vulnerability (BID 20753)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464796/100/0/threaded"
},
{
"name" : "http://www.cpni.gov.uk/docs/re-20061020-00710.pdf",
"refsource" : "MISC",
"url" : "http://www.cpni.gov.uk/docs/re-20061020-00710.pdf"
},
{
"name" : "http://www.procheckup.com/Vulner_PR0703.php",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/Vulner_PR0703.php"
},
{
"name" : "20753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20753"
},
{
"name" : "35269",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35269"
},
{
"name" : "2530",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2530"
},
{
"name": "35269",
"refsource": "OSVDB",
"url": "http://osvdb.org/35269"
},
{
"name": "http://www.cpni.gov.uk/docs/re-20061020-00710.pdf",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/docs/re-20061020-00710.pdf"
},
{
"name": "20070405 Microsoft .NET request filtering bypass vulnerability (BID 20753)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464796/100/0/threaded"
},
{
"name": "http://www.procheckup.com/Vulner_PR0703.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_PR0703.php"
},
{
"name": "20753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20753"
}
]
}
}

140
2010/2xxx/CVE-2010-2057.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=623799",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=623799"
},
{
"name" : "https://issues.apache.org/jira/browse/MYFACES-2749",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/MYFACES-2749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=623799",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=623799"
},
{
"name": "https://issues.apache.org/jira/browse/MYFACES-2749",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/MYFACES-2749"
},
{
"name": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801"
}
]
}
}

130
2010/2xxx/CVE-2010-2088.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"name": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
]
}
}

160
2010/2xxx/CVE-2010-2150.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html",
"refsource" : "CONFIRM",
"url" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html"
},
{
"name" : "JVN#58439007",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN58439007/index.html"
},
{
"name" : "JVNDB-2010-000021",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000021.html"
},
{
"name" : "40515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40515"
},
{
"name" : "40029",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40515"
},
{
"name": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html",
"refsource": "CONFIRM",
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html"
},
{
"name": "JVNDB-2010-000021",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000021.html"
},
{
"name": "40029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40029"
},
{
"name": "JVN#58439007",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN58439007/index.html"
}
]
}
}

160
2010/2xxx/CVE-2010-2212.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100630 VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow Vulnerability (CVE-2010-2212)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512095/100/0/threaded"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name" : "oval:org.mitre.oval:def:6798",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6798"
},
{
"name" : "1024159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024159"
},
{
"name" : "ADV-2010-1636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100630 VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow Vulnerability (CVE-2010-2212)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512095/100/0/threaded"
},
{
"name": "ADV-2010-1636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1636"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html"
},
{
"name": "1024159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024159"
},
{
"name": "oval:org.mitre.oval:def:6798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6798"
}
]
}
}

290
2010/2xxx/CVE-2010-2252.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
},
{
"name" : "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
},
{
"name" : "[bug-wget] 20100520 security risk of unexpected download filenames",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
},
{
"name" : "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
},
{
"name" : "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
},
{
"name" : "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127412569216380&w=2"
},
{
"name" : "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127411372529485&w=2"
},
{
"name" : "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127416905831994&w=2"
},
{
"name" : "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127422615924593&w=2"
},
{
"name" : "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127427572721591&w=2"
},
{
"name" : "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127432968701342&w=2"
},
{
"name" : "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127441275821210&w=2"
},
{
"name" : "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127611288927500&w=2"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2010-001.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2010-001.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=591580",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=602797",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
},
{
"name" : "RHSA-2014:0151",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
},
{
"name" : "65722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=602797",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
},
{
"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
},
{
"name": "RHSA-2014:0151",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
},
{
"name": "[bug-wget] 20100520 security risk of unexpected download filenames",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
},
{
"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"
},
{
"name": "65722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65722"
},
{
"name": "http://www.ocert.org/advisories/ocert-2010-001.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2010-001.html"
},
{
"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127416905831994&w=2"
},
{
"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
},
{
"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
},
{
"name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127441275821210&w=2"
},
{
"name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127412569216380&w=2"
},
{
"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"
},
{
"name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127427572721591&w=2"
},
{
"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
},
{
"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127422615924593&w=2"
}
]
}
}

130
2010/2xxx/CVE-2010-2729.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka \"Print Spooler Service Impersonation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-061",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-061"
},
{
"name" : "oval:org.mitre.oval:def:7358",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka \"Print Spooler Service Impersonation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-061"
},
{
"name": "oval:org.mitre.oval:def:7358",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7358"
}
]
}
}

180
2010/3xxx/CVE-2010-3026.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100805 XSRF (CSRF) in Open blog",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512902/100/0/threaded"
},
{
"name" : "14562",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14562"
},
{
"name" : "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_open_blog.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_open_blog.html"
},
{
"name" : "66925",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66925"
},
{
"name" : "40876",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40876"
},
{
"name" : "openblog-users-csrf(60943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100805 XSRF (CSRF) in Open blog",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512902/100/0/threaded"
},
{
"name": "openblog-users-csrf(60943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60943"
},
{
"name": "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt"
},
{
"name": "14562",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14562"
},
{
"name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_open_blog.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_open_blog.html"
},
{
"name": "66925",
"refsource": "OSVDB",
"url": "http://osvdb.org/66925"
},
{
"name": "40876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40876"
}
]
}
}

170
2010/3xxx/CVE-2010-3145.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka \"Backup Manager Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14751",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14751/"
},
{
"name" : "MS11-001",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-001"
},
{
"name" : "TA11-011A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-011A.html"
},
{
"name" : "oval:org.mitre.oval:def:12273",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12273"
},
{
"name" : "1024948",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024948"
},
{
"name" : "ADV-2011-0074",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka \"Backup Manager Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14751",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14751/"
},
{
"name": "ADV-2011-0074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0074"
},
{
"name": "1024948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024948"
},
{
"name": "MS11-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-001"
},
{
"name": "TA11-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-011A.html"
},
{
"name": "oval:org.mitre.oval:def:12273",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12273"
}
]
}
}

210
2010/3xxx/CVE-2010-3758.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100929 ZDI-10-180: IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514072/100/0/threaded"
},
{
"name" : "20100929 ZDI-10-181: IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514078/100/0/threaded"
},
{
"name" : "20100929 ZDI-10-183: IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514067/100/0/threaded"
},
{
"name" : "20100929 ZDI-10-184: IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514059/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-180/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-180/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-181/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-181/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-183/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-183/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-184/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-184/"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21443820",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name" : "IC69883",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-183/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-183/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-184/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-184/"
},
{
"name": "20100929 ZDI-10-181: IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514078/100/0/threaded"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-181/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-181/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-180/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-180/"
},
{
"name": "20100929 ZDI-10-180: IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514072/100/0/threaded"
},
{
"name": "20100929 ZDI-10-184: IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514059/100/0/threaded"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21443820",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name": "IC69883",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
},
{
"name": "20100929 ZDI-10-183: IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514067/100/0/threaded"
}
]
}
}

34
2011/0xxx/CVE-2011-0060.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0060",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-0060",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

34
2011/0xxx/CVE-2011-0306.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0306",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0306",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2011/0xxx/CVE-2011-0387.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0387",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
},
{
"name" : "46520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46520"
},
{
"name" : "1025113",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025113"
},
{
"name" : "cisco-multipoint-interface-dos(65621)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-multipoint-interface-dos(65621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65621"
},
{
"name": "46520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46520"
},
{
"name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml"
},
{
"name": "1025113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025113"
}
]
}
}

140
2011/0xxx/CVE-2011-0457.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-0457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://e107.org/comment.php?comment.news.872",
"refsource" : "MISC",
"url" : "http://e107.org/comment.php?comment.news.872"
},
{
"name" : "http://e107.org/svn_changelog.php?version=0.7.23",
"refsource" : "CONFIRM",
"url" : "http://e107.org/svn_changelog.php?version=0.7.23"
},
{
"name" : "JVN#01635457",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN01635457/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://e107.org/comment.php?comment.news.872",
"refsource": "MISC",
"url": "http://e107.org/comment.php?comment.news.872"
},
{
"name": "JVN#01635457",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01635457/index.html"
},
{
"name": "http://e107.org/svn_changelog.php?version=0.7.23",
"refsource": "CONFIRM",
"url": "http://e107.org/svn_changelog.php?version=0.7.23"
}
]
}
}

310
2011/0xxx/CVE-2011-0480.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=68115",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=68115"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name" : "http://codereview.chromium.org/6069005",
"refsource" : "CONFIRM",
"url" : "http://codereview.chromium.org/6069005"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
},
{
"name" : "http://codereview.chromium.org/5964011",
"refsource" : "CONFIRM",
"url" : "http://codereview.chromium.org/5964011"
},
{
"name" : "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3",
"refsource" : "CONFIRM",
"url" : "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
},
{
"name" : "http://roundup.ffmpeg.org/issue2548",
"refsource" : "CONFIRM",
"url" : "http://roundup.ffmpeg.org/issue2548"
},
{
"name" : "http://roundup.ffmpeg.org/issue2550",
"refsource" : "CONFIRM",
"url" : "http://roundup.ffmpeg.org/issue2550"
},
{
"name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=70200",
"refsource" : "CONFIRM",
"url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=70200"
},
{
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource" : "CONFIRM",
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name" : "http://ffmpeg.mplayerhq.hu/",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.mplayerhq.hu/"
},
{
"name" : "DSA-2306",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2306"
},
{
"name" : "MDVSA-2011:061",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"name" : "USN-1104-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name" : "45788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45788"
},
{
"name" : "70463",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70463"
},
{
"name" : "oval:org.mitre.oval:def:14380",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
},
{
"name" : "42951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42951"
},
{
"name" : "chrome-vorbis-bo(64671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://roundup.ffmpeg.org/issue2548",
"refsource": "CONFIRM",
"url": "http://roundup.ffmpeg.org/issue2548"
},
{
"name": "DSA-2306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
},
{
"name": "http://codereview.chromium.org/6069005",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/6069005"
},
{
"name": "45788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45788"
},
{
"name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3",
"refsource": "CONFIRM",
"url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
},
{
"name": "MDVSA-2011:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=70200",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=70200"
},
{
"name": "http://codereview.chromium.org/5964011",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/5964011"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name": "USN-1104-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "70463",
"refsource": "OSVDB",
"url": "http://osvdb.org/70463"
},
{
"name": "chrome-vorbis-bo(64671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
},
{
"name": "http://ffmpeg.mplayerhq.hu/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=68115",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=68115"
},
{
"name": "oval:org.mitre.oval:def:14380",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
},
{
"name": "http://roundup.ffmpeg.org/issue2550",
"refsource": "CONFIRM",
"url": "http://roundup.ffmpeg.org/issue2550"
},
{
"name": "42951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42951"
}
]
}
}

190
2011/0xxx/CVE-2011-0481.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=68170",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=68170"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource" : "CONFIRM",
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name" : "45788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45788"
},
{
"name" : "70464",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70464"
},
{
"name" : "oval:org.mitre.oval:def:14418",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14418"
},
{
"name" : "42951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42951"
},
{
"name" : "chrome-pdf-shading-bo(64672)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70464",
"refsource": "OSVDB",
"url": "http://osvdb.org/70464"
},
{
"name": "chrome-pdf-shading-bo(64672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64672"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "45788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45788"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name": "oval:org.mitre.oval:def:14418",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14418"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=68170",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=68170"
},
{
"name": "42951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42951"
}
]
}
}

540
2011/1xxx/CVE-2011-1155.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name" : "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name" : "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/04/33"
},
{
"name" : "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name" : "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name" : "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name" : "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name" : "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name" : "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name" : "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name" : "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name" : "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name" : "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name" : "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name" : "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680797",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name" : "FEDORA-2011-3758",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name" : "FEDORA-2011-3739",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name" : "MDVSA-2011:065",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name" : "RHSA-2011:0407",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name" : "43955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43955"
},
{
"name" : "ADV-2011-0791",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name" : "ADV-2011-0872",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name" : "ADV-2011-0961",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \\n (newline) or (2) \\ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/19"
},
{
"name": "[oss-security] 20110304 CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/16"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/25"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/30"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/26"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/28"
},
{
"name": "[oss-security] 20110308 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/5"
},
{
"name": "43955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43955"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/31"
},
{
"name": "ADV-2011-0961",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0961"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/17"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/6"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/3"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/29"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/6"
},
{
"name": "FEDORA-2011-3739",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/4"
},
{
"name": "ADV-2011-0791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0791"
},
{
"name": "MDVSA-2011:065",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:065"
},
{
"name": "[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/07/11"
},
{
"name": "[oss-security] 20110323 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/23/11"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/18"
},
{
"name": "FEDORA-2011-3758",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056992.html"
},
{
"name": "[oss-security] 20110310 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680797",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680797"
},
{
"name": "RHSA-2011:0407",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0407.html"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/3"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/10/7"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/05/8"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/22"
},
{
"name": "[oss-security] 20110311 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/11/5"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/27"
},
{
"name": "ADV-2011-0872",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0872"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/32"
},
{
"name": "[oss-security] 20110314 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/14/26"
},
{
"name": "[oss-security] 20110304 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/24"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/4"
},
{
"name": "[oss-security] 20110306 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/06/6"
},
{
"name": "[oss-security] 20110305 Re: CVE Request -- logrotate -- nine issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/04/33"
}
]
}
}

170
2011/1xxx/CVE-2011-1377.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27011716",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27011716"
},
{
"name" : "PM43792",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792"
},
{
"name" : "PM50205",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205"
},
{
"name" : "50310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50310"
},
{
"name" : "46469",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46469"
},
{
"name" : "was-wssecurity-unspecified(72299)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72299"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27011716",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27011716"
},
{
"name": "PM43792",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792"
},
{
"name": "was-wssecurity-unspecified(72299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72299"
},
{
"name": "PM50205",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205"
},
{
"name": "46469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46469"
},
{
"name": "50310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50310"
}
]
}
}

190
2011/1xxx/CVE-2011-1582.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518032/100/0/threaded"
},
{
"name" : "[www-announce] 20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103@apache.org%3E"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1100832",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1100832"
},
{
"name" : "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29"
},
{
"name" : "47886",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47886"
},
{
"name" : "8256",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8256"
},
{
"name" : "ADV-2011-1255",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1255"
},
{
"name" : "tomcat-annotations-security-bypass(67515)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8256",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8256"
},
{
"name": "20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518032/100/0/threaded"
},
{
"name": "[www-announce] 20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103@apache.org%3E"
},
{
"name": "ADV-2011-1255",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1255"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1100832",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1100832"
},
{
"name": "47886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47886"
},
{
"name": "tomcat-annotations-security-bypass(67515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67515"
},
{
"name": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29"
}
]
}
}

240
2011/1xxx/CVE-2011-1761.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17222",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17222"
},
{
"name" : "[oss-security] 20120502 CVE request: libmodplugin stack-buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/05/02/1"
},
{
"name" : "[oss-security] 20120502 Re: CVE request: libmodplugin stack-buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/05/02/19"
},
{
"name" : "DSA-2415",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2415"
},
{
"name" : "openSUSE-SU-2011:0551",
"refsource" : "SUSE",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060520.html"
},
{
"name" : "openSUSE-SU-2011:0943",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html"
},
{
"name" : "USN-1148-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1148-1"
},
{
"name" : "72157",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/72157"
},
{
"name" : "44388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44388"
},
{
"name" : "44695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44695"
},
{
"name" : "44870",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44870"
},
{
"name" : "45742",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45742"
},
{
"name" : "48058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48058"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2415",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2415"
},
{
"name": "44870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44870"
},
{
"name": "72157",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72157"
},
{
"name": "USN-1148-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1148-1"
},
{
"name": "44695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44695"
},
{
"name": "48058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48058"
},
{
"name": "17222",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17222"
},
{
"name": "45742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45742"
},
{
"name": "openSUSE-SU-2011:0943",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00019.html"
},
{
"name": "[oss-security] 20120502 Re: CVE request: libmodplugin stack-buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/05/02/19"
},
{
"name": "[oss-security] 20120502 CVE request: libmodplugin stack-buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/05/02/1"
},
{
"name": "44388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44388"
},
{
"name": "openSUSE-SU-2011:0551",
"refsource": "SUSE",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060520.html"
}
]
}
}

120
2011/5xxx/CVE-2011-5239.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.unrest.ca/peerjacking",
"refsource" : "MISC",
"url" : "http://www.unrest.ca/peerjacking"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.unrest.ca/peerjacking",
"refsource": "MISC",
"url": "http://www.unrest.ca/peerjacking"
}
]
}
}

120
2011/5xxx/CVE-2011-5292.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23015",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23015",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23015"
}
]
}
}

120
2011/5xxx/CVE-2011-5295.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23012",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23012",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23012"
}
]
}
}

130
2014/2xxx/CVE-2014-2343.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01"
},
{
"name" : "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new",
"refsource" : "MISC",
"url" : "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new",
"refsource": "MISC",
"url": "http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01"
}
]
}
}

140
2014/3xxx/CVE-2014-3093.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps command or reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020242",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020242"
},
{
"name" : "69437",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69437"
},
{
"name" : "ibm-powervc-cve20143093-sec-bypass(94259)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94259"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps command or reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020242",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020242"
},
{
"name": "69437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69437"
},
{
"name": "ibm-powervc-cve20143093-sec-bypass(94259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94259"
}
]
}
}

34
2014/3xxx/CVE-2014-3253.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3253",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3253",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/3xxx/CVE-2014-3853.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/3"
},
{
"name" : "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/23/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/23/1"
},
{
"name": "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/3"
}
]
}
}

150
2014/6xxx/CVE-2014-6175.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902933",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902933"
},
{
"name" : "PO02715",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PO02715"
},
{
"name" : "PO03923",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PO03923"
},
{
"name" : "PO04455",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PO04455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902933",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902933"
},
{
"name": "PO04455",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PO04455"
},
{
"name": "PO02715",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PO02715"
},
{
"name": "PO03923",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PO03923"
}
]
}
}

34
2014/6xxx/CVE-2014-6390.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6390",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6390",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/6xxx/CVE-2014-6553.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70483"
},
{
"name" : "61767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70483"
},
{
"name": "61767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61767"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

190
2014/7xxx/CVE-2014-7177.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141028 CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/120"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/"
},
{
"name" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog"
},
{
"name" : "https://tuleap.net/plugins/tracker/?aid=7458",
"refsource" : "CONFIRM",
"url" : "https://tuleap.net/plugins/tracker/?aid=7458"
},
{
"name" : "https://www.tuleap.org/recent-vulnerabilities",
"refsource" : "CONFIRM",
"url" : "https://www.tuleap.org/recent-vulnerabilities"
},
{
"name" : "70771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70771"
},
{
"name" : "113680",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/113680"
},
{
"name" : "tuleap-cve20147177-info-disc(98308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70771"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog",
"refsource": "CONFIRM",
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog"
},
{
"name": "https://tuleap.net/plugins/tracker/?aid=7458",
"refsource": "CONFIRM",
"url": "https://tuleap.net/plugins/tracker/?aid=7458"
},
{
"name": "20141028 CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/120"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/"
},
{
"name": "113680",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/113680"
},
{
"name": "https://www.tuleap.org/recent-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://www.tuleap.org/recent-vulnerabilities"
},
{
"name": "tuleap-cve20147177-info-disc(98308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98308"
}
]
}
}

140
2014/7xxx/CVE-2014-7804.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#896129",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/896129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#896129",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/896129"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

490
2014/7xxx/CVE-2014-7910.json
View File

@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34879",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/34879/"
},
{
"name" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=337071",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=337071"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=340387",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=340387"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389451",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389451"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=391001",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=391001"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=397396",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=397396"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=408426",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=408426"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=409454",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=409454"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=409508",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=409508"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=411159",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=411159"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=411162",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=411162"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=411165",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=411165"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=413743",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=413743"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=413744",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=413744"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=414134",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=414134"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=415407",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=415407"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=417210",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=417210"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=417329",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=417329"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=421090",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=421090"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=421321",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=421321"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=421504",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=421504"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=421720",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=421720"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=421981",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=421981"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=422482",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=422482"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=423030",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=423030"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=423891",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=423891"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=424215",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=424215"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=424999",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=424999"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=425151",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=425151"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=425152",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=425152"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=433500",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=433500"
},
{
"name" : "RHSA-2014:1894",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1894.html"
},
{
"name" : "71161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71161"
},
{
"name" : "1031241",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031241"
},
{
"name" : "62608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62608"
},
{
"name" : "60194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60194"
},
{
"name" : "google-chrome-cve20147910-multiple-unspec(98798)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=397396",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=397396"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=411165",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=411165"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=409508",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=409508"
},
{
"name": "1031241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031241"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=409454",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=409454"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=391001",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=391001"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=413744",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=413744"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=340387",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=340387"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=421981",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=421981"
},
{
"name": "71161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71161"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=408426",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=408426"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=421720",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=421720"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=423030",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=423030"
},
{
"name": "RHSA-2014:1894",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"
},
{
"name": "62608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62608"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=421090",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=421090"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=414134",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=414134"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389451",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389451"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=417329",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=417329"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=424999",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=424999"
},
{
"name": "34879",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/34879/"
},
{
"name": "60194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60194"
},
{
"name": "google-chrome-cve20147910-multiple-unspec(98798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98798"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=425152",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=425152"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=415407",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=415407"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=411162",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=411162"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=424215",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=424215"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=417210",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=417210"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=337071",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=337071"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=433500",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=433500"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=421321",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=421321"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=422482",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=422482"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=411159",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=411159"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=413743",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=413743"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=421504",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=421504"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=425151",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=425151"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=423891",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=423891"
}
]
}
}

34
2016/2xxx/CVE-2016-2773.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2773",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2773",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/2xxx/CVE-2016-2949.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991959",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991959"
},
{
"name" : "IV89740",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89740"
},
{
"name" : "94608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89740",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89740"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991959",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991959"
},
{
"name": "94608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94608"
}
]
}
}

132
2017/18xxx/CVE-2017-18035.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-01-18T00:00:00",
"ID" : "CVE-2017-18035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fisheye and Crucible",
"version" : {
"version_data" : [
{
"version_value" : "prior to 4.5.1 and 4.6.0"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control (CWE-284)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-01-18T00:00:00",
"ID": "CVE-2017-18035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fisheye and Crucible",
"version": {
"version_data": [
{
"version_value": "prior to 4.5.1 and 4.6.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CRUC-8163",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CRUC-8163"
},
{
"name" : "https://jira.atlassian.com/browse/FE-6996",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/FE-6996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/FE-6996",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/FE-6996"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8163",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/CRUC-8163"
}
]
}
}

34
2017/1xxx/CVE-2017-1007.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1007",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1007",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2017/1xxx/CVE-2017-1423.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-15T00:00:00",
"ID" : "CVE-2017-1423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Portal",
"version" : {
"version_data" : [
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-15T00:00:00",
"ID": "CVE-2017-1423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
},
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22011400",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22011400"
},
{
"name" : "1040017",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22011400",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22011400"
},
{
"name": "1040017",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040017"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
}
]
}
}

178
2017/1xxx/CVE-2017-1591.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-09-25T00:00:00",
"ID" : "CVE-2017-1591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateways",
"version" : {
"version_data" : [
{
"version_value" : "7.0.0"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.5"
},
{
"version_value" : "7.5.1"
},
{
"version_value" : "7.5.2"
},
{
"version_value" : "7.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-25T00:00:00",
"ID": "CVE-2017-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DataPower Gateways",
"version": {
"version_data": [
{
"version_value": "7.0.0"
},
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.1"
},
{
"version_value": "7.5.2"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22008815",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22008815"
},
{
"name" : "101021",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008815",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008815"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132368"
},
{
"name": "101021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101021"
}
]
}
}

34
2017/1xxx/CVE-2017-1872.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1872",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1872",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/1xxx/CVE-2017-1977.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1977",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-1977",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

140
2017/5xxx/CVE-2017-5980.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/"
},
{
"name" : "DSA-3878",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3878"
},
{
"name" : "96268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/"
},
{
"name": "96268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96268"
},
{
"name": "DSA-3878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3878"
}
]
}
}