admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:07:27 +00:00
parent 2000563a3a
commit f3ce5933af
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4196 additions and 4196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2006/2xxx/CVE-2006-2075.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2075", "ID": "CVE-2006-2075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka \"Query-of-death,\" as demonstrated by the OUSPG PROTOS DNS test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" "lang": "eng",
}, "value": "Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka \"Query-of-death,\" as demonstrated by the OUSPG PROTOS DNS test suite."
{ }
"name" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", ]
"refsource" : "MISC", },
"url" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#955777", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/955777" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1505", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1505" ]
}, },
{ "references": {
"name" : "1015990", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015990" "name": "dns-improper-request-handling(26081)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081"
"name" : "dns-improper-request-handling(26081)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" "name": "VU#955777",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/955777"
} },
{
"name": "ADV-2006-1505",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1505"
},
{
"name": "1015990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015990"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en"
}
]
}
} }

178
2006/2xxx/CVE-2006-2174.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2174", "ID": "CVE-2006-2174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/432711" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter."
{ }
"name" : "http://www.aria-security.net/hm/vhcs.txt", ]
"refsource" : "MISC", },
"url" : "http://www.aria-security.net/hm/vhcs.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17790", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17790" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1634", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1634" ]
}, },
{ "references": {
"name" : "19940", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19940" "name": "19940",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19940"
"name" : "832", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/832" "name": "20060502 VHCS --- Virtual Hosting Control System Cross Site Scripting",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/432711"
"name" : "vhcs-serverdaystats-xss(26209)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209" "name": "ADV-2006-1634",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1634"
} },
{
"name": "vhcs-serverdaystats-xss(26209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26209"
},
{
"name": "http://www.aria-security.net/hm/vhcs.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/hm/vhcs.txt"
},
{
"name": "832",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/832"
},
{
"name": "17790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17790"
}
]
}
} }

32
2006/2xxx/CVE-2006-2299.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2299", "ID": "CVE-2006-2299",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2006/2xxx/CVE-2006-2614.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2614", "ID": "CVE-2006-2614",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "102024", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102024-1" "lang": "eng",
}, "value": "Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords."
{ }
"name" : "18023", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1851", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1851" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016119", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016119" ]
}, },
{ "references": {
"name" : "20127", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20127" "name": "20127",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20127"
"name" : "sun-systemmanager-password-disclosure(26521)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26521" "name": "1016119",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1016119"
} },
{
"name": "18023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18023"
},
{
"name": "102024",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102024-1"
},
{
"name": "ADV-2006-1851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1851"
},
{
"name": "sun-systemmanager-password-disclosure(26521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26521"
}
]
}
} }

178
2006/3xxx/CVE-2006-3606.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3606", "ID": "CVE-2006-3606",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "102503", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102503-1" "lang": "eng",
}, "value": "Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library."
{ }
"name" : "18974", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18974" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2800", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2800" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:2033", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2033" ]
}, },
{ "references": {
"name" : "1016495", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016495" "name": "1016495",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016495"
"name" : "21048", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21048" "name": "oval:org.mitre.oval:def:2033",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2033"
"name" : "solaris-libice-dos(27734)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27734" "name": "ADV-2006-2800",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2800"
} },
{
"name": "solaris-libice-dos(27734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27734"
},
{
"name": "18974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18974"
},
{
"name": "21048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21048"
},
{
"name": "102503",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102503-1"
}
]
}
} }

428
2006/3xxx/CVE-2006-3628.json
View File

@ -1,217 +1,217 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-3628", "ID": "CVE-2006-3628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060719 rPSA-2006-0132-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440576/100/0/threaded" "lang": "eng",
}, "value": "Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2006-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2006-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://issues.rpath.com/browse/RPL-512", "description": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-512" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm" ]
}, },
{ "references": {
"name" : "DSA-1127", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1127" "name": "20060801-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
"name" : "GLSA-200607-09", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200607-09.xml" "name": "RHSA-2006:0602",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0602.html"
"name" : "MDKSA-2006:128", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:128" "name": "SUSE-SR:2006:020",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
"name" : "RHSA-2006:0602", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0602.html" "name": "21121",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21121"
"name" : "20060801-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" "name": "1016532",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016532"
"name" : "SUSE-SR:2006:020", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html" "name": "21078",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21078"
"name" : "19051", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19051" "name": "GLSA-200607-09",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200607-09.xml"
"name" : "oval:org.mitre.oval:def:9175", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm"
"name" : "ADV-2006-2850", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2850" "name": "21598",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21598"
"name" : "27369", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27369" "name": "oval:org.mitre.oval:def:9175",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175"
"name" : "27363", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27363" "name": "21467",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21467"
"name" : "27364", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27364" "name": "22089",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22089"
"name" : "27362", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27362" "name": "21204",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21204"
"name" : "1016532", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016532" "name": "27362",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27362"
"name" : "21078", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21078" "name": "27364",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27364"
"name" : "21107", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21107" "name": "20060719 rPSA-2006-0132-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/440576/100/0/threaded"
"name" : "21121", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21121" "name": "27363",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27363"
"name" : "21204", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21204" "name": "wireshark-ansimap-format-string(27822)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27822"
"name" : "21249", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21249" "name": "ADV-2006-2850",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2850"
"name" : "21488", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21488" "name": "27369",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27369"
"name" : "21598", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21598" "name": "http://www.wireshark.org/security/wnpa-sec-2006-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2006-01.html"
"name" : "22089", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22089" "name": "wireshark-ntp-format-string(27828)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27828"
"name" : "21467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21467" "name": "DSA-1127",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1127"
"name" : "wireshark-ansimap-format-string(27822)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27822" "name": "21107",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21107"
"name" : "wireshark-cpfw1-format-string(27823)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27823" "name": "21249",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21249"
"name" : "wireshark-mq-format-string(27824)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27824" "name": "MDKSA-2006:128",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:128"
"name" : "wireshark-ntp-format-string(27828)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27828" "name": "21488",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21488"
"name" : "wireshark-xml-format-string(27825)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27825" "name": "https://issues.rpath.com/browse/RPL-512",
} "refsource": "CONFIRM",
] "url": "https://issues.rpath.com/browse/RPL-512"
} },
{
"name": "wireshark-xml-format-string(27825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27825"
},
{
"name": "wireshark-mq-format-string(27824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27824"
},
{
"name": "19051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19051"
},
{
"name": "wireshark-cpfw1-format-string(27823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27823"
}
]
}
} }

168
2006/3xxx/CVE-2006-3916.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3916", "ID": "CVE-2006-3916",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://security-net.biz/adv/D25706a.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://security-net.biz/adv/D25706a.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter."
{ }
"name" : "19156", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19156" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2968", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2968" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27481", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/27481" ]
}, },
{ "references": {
"name" : "21189", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21189" "name": "http://security-net.biz/adv/D25706a.txt",
}, "refsource": "MISC",
{ "url": "http://security-net.biz/adv/D25706a.txt"
"name" : "snews-snews-xss(27940)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27940" "name": "ADV-2006-2968",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2968"
} },
{
"name": "snews-snews-xss(27940)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27940"
},
{
"name": "27481",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27481"
},
{
"name": "21189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21189"
},
{
"name": "19156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19156"
}
]
}
} }

128
2006/4xxx/CVE-2006-4372.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4372", "ID": "CVE-2006-4372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2222", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2222" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter."
{ }
"name" : "lurmconstructor-admin-file-include(28475)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28475" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2222",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2222"
},
{
"name": "lurmconstructor-admin-file-include(28475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28475"
}
]
}
} }

138
2006/6xxx/CVE-2006-6387.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6387", "ID": "CVE-2006-6387",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "21464", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21464" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "23107", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/23107" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "linkcms-prikazInformacije-sql-injection(30744)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30744" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "21464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21464"
},
{
"name": "23107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23107"
},
{
"name": "linkcms-prikazInformacije-sql-injection(30744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30744"
}
]
}
} }

148
2006/6xxx/CVE-2006-6569.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6569", "ID": "CVE-2006-6569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a \"modfich\" floap parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/454385/100/0/threaded" "lang": "eng",
}, "value": "form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a \"modfich\" floap parameter."
{ }
"name" : "21595", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21595" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2035", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2035" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "genesis-form-source-disclosure(30888)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30888" ]
} },
] "references": {
} "reference_data": [
{
"name": "21595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21595"
},
{
"name": "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454385/100/0/threaded"
},
{
"name": "2035",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2035"
},
{
"name": "genesis-form-source-disclosure(30888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30888"
}
]
}
} }

118
2006/6xxx/CVE-2006-6829.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6829", "ID": "CVE-2006-6829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-5150", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/5150" "lang": "eng",
} "value": "Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-5150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5150"
}
]
}
} }

148
2006/6xxx/CVE-2006-6910.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6910", "ID": "CVE-2006-6910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3056", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3056" "lang": "eng",
}, "value": "formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter."
{ }
"name" : "21841", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21841" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23539", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23539" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "formbankserver-formbank-dos(31216)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31216" ]
} },
] "references": {
} "reference_data": [
{
"name": "3056",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3056"
},
{
"name": "21841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21841"
},
{
"name": "formbankserver-formbank-dos(31216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31216"
},
{
"name": "23539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23539"
}
]
}
} }

138
2006/7xxx/CVE-2006-7058.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7058", "ID": "CVE-2006-7058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-1845", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1845" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "25574", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/25574" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20131", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20131" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1845",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1845"
},
{
"name": "25574",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25574"
},
{
"name": "20131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20131"
}
]
}
} }

32
2011/0xxx/CVE-2011-0102.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-0102", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-0102",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

158
2011/0xxx/CVE-2011-0160.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-0160", "ID": "CVE-2011-0160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4564", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4564" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header."
{ }
"name" : "http://support.apple.com/kb/HT4566", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4566" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2011-03-09-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-03-09-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" ]
}, },
{ "references": {
"name" : "1025182", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025182" "name": "http://support.apple.com/kb/HT4564",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT4564"
} },
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "1025182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025182"
}
]
}
} }

32
2011/0xxx/CVE-2011-0301.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0301", "ID": "CVE-2011-0301",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2011/0xxx/CVE-2011-0461.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0461", "ID": "CVE-2011-0461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[opensuse-updates] 20110314 openSUSE-SU-2011:0171-1 (moderate): aaa_base security update", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.opensuse.org/opensuse-updates/2011-03/msg00007.html" "lang": "eng",
}, "value": "/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab."
{ }
"name" : "http://support.novell.com/security/cve/CVE-2011-0461.html", ]
"refsource" : "CONFIRM", },
"url" : "http://support.novell.com/security/cve/CVE-2011-0461.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.novell.com/665479", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/665479" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2011:005", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2011:009", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" "name": "SUSE-SR:2011:009",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
} },
{
"name": "https://bugzilla.novell.com/665479",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/665479"
},
{
"name": "http://support.novell.com/security/cve/CVE-2011-0461.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2011-0461.html"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "[opensuse-updates] 20110314 openSUSE-SU-2011:0171-1 (moderate): aaa_base security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-03/msg00007.html"
}
]
}
} }

168
2011/1xxx/CVE-2011-1359.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1359", "ID": "CVE-2011-1359",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21509257", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21509257" "lang": "eng",
}, "value": "Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI."
{ }
"name" : "PM45322", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49362", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49362" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "74817", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/74817" ]
}, },
{ "references": {
"name" : "45749", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45749" "name": "websphere-admin-console-dir-traversal(69473)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69473"
"name" : "websphere-admin-console-dir-traversal(69473)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69473" "name": "45749",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/45749"
} },
{
"name": "PM45322",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322"
},
{
"name": "49362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49362"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21509257",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21509257"
},
{
"name": "74817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74817"
}
]
}
} }

138
2011/1xxx/CVE-2011-1905.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1905", "ID": "CVE-2011-1905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors."
{ }
"name" : "https://support.proofpoint.com/article.cgi?article_id=338413", ]
"refsource" : "MISC", },
"url" : "https://support.proofpoint.com/article.cgi?article_id=338413" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#790980", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/790980" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.proofpoint.com/article.cgi?article_id=338413",
"refsource": "MISC",
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"name": "VU#790980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"name": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php",
"refsource": "MISC",
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
}
]
}
} }

288
2011/3xxx/CVE-2011-3036.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3036", "ID": "CVE-2011-3036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=113258", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=113258" "lang": "eng",
}, "value": "Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5400", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5485" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT5503", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-07-25-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "APPLE-SA-2012-09-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "1026759",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026759"
"name" : "GLSA-201203-19", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" "name": "48527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48527"
"name" : "openSUSE-SU-2012:0374", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" "name": "chrome-line-box-code-exec(73647)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73647"
"name" : "52271", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52271" "name": "48265",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48265"
"name" : "79795", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79795" "name": "48419",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48419"
"name" : "oval:org.mitre.oval:def:15072", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15072" "name": "openSUSE-SU-2012:0374",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
"name" : "1026759", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026759" "name": "APPLE-SA-2012-09-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
"name" : "48527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48527" "name": "APPLE-SA-2012-07-25-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
"name" : "48419", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48419" "name": "oval:org.mitre.oval:def:15072",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15072"
"name" : "48265", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48265" "name": "http://code.google.com/p/chromium/issues/detail?id=113258",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=113258"
"name" : "chrome-line-box-code-exec(73647)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73647" "name": "52271",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/52271"
} },
{
"name": "GLSA-201203-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
},
{
"name": "79795",
"refsource": "OSVDB",
"url": "http://osvdb.org/79795"
}
]
}
} }

32
2011/3xxx/CVE-2011-3612.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3612", "ID": "CVE-2011-3612",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2011/3xxx/CVE-2011-3721.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3721", "ID": "CVE-2011-3721",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/concrete5.4.0.5", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/concrete5.4.0.5" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/concrete5.4.0.5",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/concrete5.4.0.5"
}
]
}
} }

138
2011/3xxx/CVE-2011-3746.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3746", "ID": "CVE-2011-3746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/jcow.4.2.1", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/jcow.4.2.1" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/jcow.4.2.1",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/jcow.4.2.1"
}
]
}
} }

32
2011/4xxx/CVE-2011-4174.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4174", "ID": "CVE-2011-4174",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2011/4xxx/CVE-2011-4219.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4219", "ID": "CVE-2011-4219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#275036", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/275036" "lang": "eng",
}, "value": "Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document."
{ }
"name" : "slimpdf-branch-code-execution(71097)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71097" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "slimpdf-branch-code-execution(71097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71097"
},
{
"name": "VU#275036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/275036"
}
]
}
} }

128
2011/4xxx/CVE-2011-4689.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4689", "ID": "CVE-2011-4689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lcamtuf.coredump.cx/cachetime/", "description_data": [
"refsource" : "MISC", {
"url" : "http://lcamtuf.coredump.cx/cachetime/" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code."
{ }
"name" : "47129", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/47129" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47129"
},
{
"name": "http://lcamtuf.coredump.cx/cachetime/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/cachetime/"
}
]
}
} }

128
2013/5xxx/CVE-2013-5035.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5035", "ID": "CVE-2013-5035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130816 Open-Xchange Security Advisory 2013-08-16", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html" "lang": "eng",
}, "value": "Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations."
{ }
"name" : "http://sourceforge.net/p/htmlcleaner/bugs/86/", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/p/htmlcleaner/bugs/86/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/htmlcleaner/bugs/86/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/htmlcleaner/bugs/86/"
},
{
"name": "20130816 Open-Xchange Security Advisory 2013-08-16",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0115.html"
}
]
}
} }

128
2013/5xxx/CVE-2013-5635.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5635", "ID": "CVE-2013-5635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt" "lang": "eng",
}, "value": "Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously."
{ }
"name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589", ]
"refsource" : "CONFIRM", },
"url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt"
},
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589"
}
]
}
} }

118
2013/5xxx/CVE-2013-5755.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5755", "ID": "CVE-2013-5755",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33739", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/33739" "lang": "eng",
} "value": "config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33739",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33739"
}
]
}
} }

32
2014/2xxx/CVE-2014-2007.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2007", "ID": "CVE-2014-2007",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2014/2xxx/CVE-2014-2340.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2340", "ID": "CVE-2014-2340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140402 Сross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/531712/100/0/threaded" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php."
{ }
"name" : "32701", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/32701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23206", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23206" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/", ]
"refsource" : "CONFIRM", }
"url" : "http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/" ]
}, },
{ "references": {
"name" : "66280", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66280" "name": "32701",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/32701"
"name" : "57362", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57362" "name": "66280",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/66280"
} },
{
"name": "https://www.htbridge.com/advisory/HTB23206",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23206"
},
{
"name": "57362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57362"
},
{
"name": "20140402 Сross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531712/100/0/threaded"
},
{
"name": "http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/"
}
]
}
} }

188
2014/2xxx/CVE-2014-2575.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2575", "ID": "CVE-2014-2575",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/532304/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter."
{ }
"name" : "33700", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/33700" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Jun/24" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager", ]
"refsource" : "MISC", }
"url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html" "name": "107742",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/107742"
"name" : "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2", },
"refsource" : "CONFIRM", {
"url" : "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2" "name": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2",
}, "refsource": "CONFIRM",
{ "url": "http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2"
"name" : "67902", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67902" "name": "67902",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/67902"
"name" : "107742", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/107742" "name": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html"
} },
{
"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/24"
},
{
"name": "20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532304/100/0/threaded"
},
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager"
},
{
"name": "33700",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33700"
}
]
}
} }

128
2014/2xxx/CVE-2014-2731.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2731", "ID": "CVE-2014-2731",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80."
{ }
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01"
}
]
}
} }

32
2014/2xxx/CVE-2014-2833.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2833", "ID": "CVE-2014-2833",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2014/6xxx/CVE-2014-6171.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-6171", "ID": "CVE-2014-6171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "PI29134", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-wsportal-cve20146171-xss(98383)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "PI29134",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134"
},
{
"name": "ibm-wsportal-cve20146171-xss(98383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
]
}
} }

158
2014/6xxx/CVE-2014-6280.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6280", "ID": "CVE-2014-6280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140916 Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533457/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php."
{ }
"name" : "http://packetstormsecurity.com/files/128286/OsClass-3.4.1-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/128286/OsClass-3.4.1-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.netsparker.com/xss-vulnerabilities-in-osclass/", ]
"refsource" : "MISC", }
"url" : "https://www.netsparker.com/xss-vulnerabilities-in-osclass/" ]
}, },
{ "references": {
"name" : "http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download" "name": "20140916 Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/533457/100/0/threaded"
} },
{
"name": "http://packetstormsecurity.com/files/128286/OsClass-3.4.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128286/OsClass-3.4.1-Cross-Site-Scripting.html"
},
{
"name": "http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download",
"refsource": "CONFIRM",
"url": "http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download"
},
{
"name": "https://www.netsparker.com/xss-vulnerabilities-in-osclass/",
"refsource": "MISC",
"url": "https://www.netsparker.com/xss-vulnerabilities-in-osclass/"
},
{
"name": "https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435",
"refsource": "MISC",
"url": "https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435"
}
]
}
} }

158
2014/6xxx/CVE-2014-6479.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6479", "ID": "CVE-2014-6479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration."
{ }
"name" : "70485", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031042", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031042" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61725", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/61725" ]
}, },
{ "references": {
"name" : "61781", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61781" "name": "61781",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/61781"
} },
{
"name": "1031042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031042"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "70485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70485"
},
{
"name": "61725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61725"
}
]
}
} }

198
2014/6xxx/CVE-2014-6494.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6494", "ID": "CVE-2014-6494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496."
{ }
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", ]
"refsource" : "CONFIRM", },
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" ]
}, },
{ "references": {
"name" : "GLSA-201411-02", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201411-02.xml" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
}, "refsource": "CONFIRM",
{ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698"
"name" : "SUSE-SU-2015:0743", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" "name": "62073",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62073"
"name" : "70497", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70497" "name": "70497",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/70497"
"name" : "61579", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61579" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "62073", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62073" "name": "SUSE-SU-2015:0743",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
} },
{
"name": "GLSA-201411-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "61579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61579"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
} }

148
2014/7xxx/CVE-2014-7189.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2014-7189", "ID": "CVE-2014-7189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140926 Re: CVE Request: Go crypto/tls vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/09/26/28" "lang": "eng",
}, "value": "crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors."
{ }
"name" : "https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ", ]
"refsource" : "CONFIRM", },
"url" : "https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70156", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70156" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "go-cve20147189-sec-bypass(96693)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96693" ]
} },
] "references": {
} "reference_data": [
{
"name": "go-cve20147189-sec-bypass(96693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96693"
},
{
"name": "70156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70156"
},
{
"name": "[oss-security] 20140926 Re: CVE Request: Go crypto/tls vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/26/28"
},
{
"name": "https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ"
}
]
}
} }

138
2014/7xxx/CVE-2014-7254.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-7254", "ID": "CVE-2014-7254",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jvn.jp/en/jp/JVN61593104/995312/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://jvn.jp/en/jp/JVN61593104/995312/index.html" "lang": "eng",
}, "value": "Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors."
{ }
"name" : "JVN#61593104", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN61593104/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2014-000139", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000139.html" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000139",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000139.html"
},
{
"name": "JVN#61593104",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61593104/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN61593104/995312/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN61593104/995312/index.html"
}
]
}
} }

138
2014/7xxx/CVE-2014-7892.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2014-7892", "ID": "CVE-2014-7892",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBHF03279", "description_data": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" "lang": "eng",
}, "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508."
{ }
"name" : "SSRT101692", ]
"refsource" : "HP", },
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031840", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031840" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1031840",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031840"
},
{
"name": "HPSBHF03279",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name": "SSRT101692",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
}
]
}
} }

138
2017/0xxx/CVE-2017-0503.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0503", "ID": "CVE-2017-0503",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075."
{ }
"name" : "96726", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96726" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037968", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}
} }

144
2017/0xxx/CVE-2017-0567.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0567", "ID": "CVE-2017-0567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-04-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32125310. References: B-RB#112575."
{ }
"name" : "97331", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97331" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038201", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038201" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97331"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
} }

162
2017/0xxx/CVE-2017-0587.json
View File

@ -1,84 +1,84 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0587", "ID": "CVE-2017-0587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7" "lang": "eng",
}, "value": "A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737."
{ }
"name" : "https://source.android.com/security/bulletin/2017-05-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-05-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98119", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98119" "lang": "eng",
} "value": "Remote code execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "98119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98119"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7"
}
]
}
} }

160
2017/0xxx/CVE-2017-0911.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2017-11-28T00:00:00", "DATE_PUBLIC": "2017-11-28T00:00:00",
"ID" : "CVE-2017-0911", "ID": "CVE-2017-0911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Twitter Kit for iOS", "product_name": "Twitter Kit for iOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions 3.0 to 3.2.1" "version_value": "Versions 3.0 to 3.2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Twitter" "vendor_name": "Twitter"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the \"Login with Twitter\" component allowing an attacker to provide alternate credentials. In the final step of \"Login with Twitter\" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Trust of System Event Data (CWE-360)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/290229", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/290229" "lang": "eng",
}, "value": "Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the \"Login with Twitter\" component allowing an attacker to provide alternate credentials. In the final step of \"Login with Twitter\" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service."
{ }
"name" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html", ]
"refsource" : "CONFIRM", },
"url" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71" "lang": "eng",
}, "value": "Trust of System Event Data (CWE-360)"
{ }
"name" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411" ]
}, },
{ "references": {
"name" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017" "name": "https://hackerone.com/reports/290229",
} "refsource": "MISC",
] "url": "https://hackerone.com/reports/290229"
} },
{
"name": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html",
"refsource": "CONFIRM",
"url": "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html"
},
{
"name": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411",
"refsource": "CONFIRM",
"url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411"
},
{
"name": "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017",
"refsource": "CONFIRM",
"url": "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017"
},
{
"name": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71",
"refsource": "CONFIRM",
"url": "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71"
}
]
}
} }

132
2017/1000xxx/CVE-2017-1000025.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.275197", "DATE_ASSIGNED": "2017-05-06T20:43:28.275197",
"ID" : "CVE-2017-1000025", "ID": "CVE-2017-1000025",
"REQUESTER" : "mcatanzaro@gnome.org", "REQUESTER": "mcatanzaro@gnome.org",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GNOME Web (Epiphany)", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "GNOME" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Password extraction"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver" "lang": "eng",
}, "value": "GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites."
{ }
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=752738", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=752738" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=752738",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=752738"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"
}
]
}
} }

122
2017/1000xxx/CVE-2017-1000237.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.466749", "DATE_ASSIGNED": "2017-08-22T17:29:33.466749",
"ID" : "CVE-2017-1000237", "ID": "CVE-2017-1000237",
"REQUESTER" : "j.singh@sec-consult.com", "REQUESTER": "j.singh@sec-consult.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "I, Librarian", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=4.6 & 4.7" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "I, Librarian" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt" "lang": "eng",
} "value": "I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt"
}
]
}
} }

130
2017/18xxx/CVE-2017-18061.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00", "DATE_PUBLIC": "2018-03-05T00:00:00",
"ID" : "CVE-2017-18061", "ID": "CVE-2017-18061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f", "description_data": [
"refsource" : "MISC", {
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f" "lang": "eng",
}, "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas()."
{ }
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b65cf2a007e88fe86dbd6d3269682fc585a4130f"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
} }

156
2017/1xxx/CVE-2017-1151.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2017-1151", "ID": "CVE-2017-1151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebSphere Application Server", "product_name": "WebSphere Application Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.5" "version_value": "8.5"
}, },
{ {
"version_value" : "8.5.5" "version_value": "8.5.5"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999293", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999293" "lang": "eng",
}, "value": "IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293."
{ }
"name" : "96841", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96841" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037984", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037984" "lang": "eng",
} "value": "Gain Privileges"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1037984",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037984"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999293",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999293"
},
{
"name": "96841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96841"
}
]
}
} }

158
2017/1xxx/CVE-2017-1176.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-06-30T00:00:00", "DATE_PUBLIC": "2017-06-30T00:00:00",
"ID" : "CVE-2017-1176", "ID": "CVE-2017-1176",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Maximo Asset Management", "product_name": "Maximo Asset Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.1" "version_value": "7.1"
}, },
{ {
"version_value" : "7.5" "version_value": "7.5"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.6" "version_value": "7.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299" "lang": "eng",
}, "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005210", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005210" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99371", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99371" "lang": "eng",
} "value": "Obtain Information"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299"
},
{
"name": "99371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99371"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005210",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005210"
}
]
}
} }

172
2017/1xxx/CVE-2017-1447.json
View File

@ -1,89 +1,89 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-1447", "ID": "CVE-2017-1447",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Emptoris Sourcing", "product_name": "Emptoris Sourcing",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.5" "version_value": "9.5"
}, },
{ {
"version_value" : "10.0.0" "version_value": "10.0.0"
}, },
{ {
"version_value" : "10.0.1" "version_value": "10.0.1"
}, },
{ {
"version_value" : "10.0.2" "version_value": "10.0.2"
}, },
{ {
"version_value" : "10.0.4" "version_value": "10.0.4"
}, },
{ {
"version_value" : "10.1.0" "version_value": "10.1.0"
}, },
{ {
"version_value" : "10.1.1" "version_value": "10.1.1"
}, },
{ {
"version_value" : "10.1.3" "version_value": "10.1.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172" "lang": "eng",
}, "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005834", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005834" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
]
}
} }

32
2017/1xxx/CVE-2017-1590.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1590", "ID": "CVE-2017-1590",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

216
2017/1xxx/CVE-2017-1633.json
View File

@ -1,111 +1,111 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-17T00:00:00", "DATE_PUBLIC": "2018-07-17T00:00:00",
"ID" : "CVE-2017-1633", "ID": "CVE-2017-1633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sterling B2B Integrator", "product_name": "Sterling B2B Integrator",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.2" "version_value": "5.2"
}, },
{ {
"version_value" : "5.2.4" "version_value": "5.2.4"
}, },
{ {
"version_value" : "5.2.1" "version_value": "5.2.1"
}, },
{ {
"version_value" : "5.2.2" "version_value": "5.2.2"
}, },
{ {
"version_value" : "5.2.3" "version_value": "5.2.3"
}, },
{ {
"version_value" : "5.2.5" "version_value": "5.2.5"
}, },
{ {
"version_value" : "5.2.6" "version_value": "5.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716747", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716747" "lang": "eng",
}, "value": "IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180."
{ }
"name" : "104927", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104927" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-sterling-cve20171633-info-disc(133180)", "A": "N",
"refsource" : "XF", "AC": "L",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133180" "AV": "N",
} "C": "L",
] "I": "N",
} "PR": "L",
"S": "U",
"SCORE": "4.300",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10716747",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10716747"
},
{
"name": "104927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104927"
},
{
"name": "ibm-sterling-cve20171633-info-disc(133180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133180"
}
]
}
} }

154
2017/1xxx/CVE-2017-1682.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-02-12T00:00:00", "DATE_PUBLIC": "2018-02-12T00:00:00",
"ID" : "CVE-2017-1682", "ID": "CVE-2017-1682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Connections", "product_name": "Connections",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.5" "version_value": "4.5"
}, },
{ {
"version_value" : "4.0" "version_value": "4.0"
}, },
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.5" "version_value": "5.5"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004" "lang": "eng",
}, "value": "IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012900", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012900" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012900",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
}
]
}
} }

178
2017/5xxx/CVE-2017-5018.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5018", "ID": "CVE-2017-5018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page."
{ }
"name" : "https://crbug.com/668665", ]
"refsource" : "CONFIRM", },
"url" : "https://crbug.com/668665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3776", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3776" "lang": "eng",
}, "value": "insufficient policy enforcement"
{ }
"name" : "GLSA-201701-66", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201701-66" ]
}, },
{ "references": {
"name" : "RHSA-2017:0206", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" "name": "95792",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95792"
"name" : "95792", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95792" "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
"name" : "1037718", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037718" "name": "GLSA-201701-66",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201701-66"
} },
{
"name": "https://crbug.com/668665",
"refsource": "CONFIRM",
"url": "https://crbug.com/668665"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
} }

138
2017/5xxx/CVE-2017-5177.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5177", "ID": "CVE-2017-5177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VIPA Controls WinPLC7", "product_name": "VIPA Controls WinPLC7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "VIPA Controls WinPLC7" "version_value": "VIPA Controls WinPLC7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42693", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42693/" "lang": "eng",
}, "value": "A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96413", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96413" "lang": "eng",
} "value": "CWE-121"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "42693",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42693/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-01"
},
{
"name": "96413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96413"
}
]
}
} }

118
2017/5xxx/CVE-2017-5260.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5260", "ID": "CVE-2017-5260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "cnPilot", "product_name": "cnPilot",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.3.2-R4 and prior" "version_value": "4.3.2-R4 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cambium Networks" "vendor_name": "Cambium Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-472 (External Control of Assumed-Immutable Web Parameter)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" "lang": "eng",
} "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-472 (External Control of Assumed-Immutable Web Parameter)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
} }

128
2017/5xxx/CVE-2017-5347.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5347", "ID": "CVE-2017-5347",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/semplon/GeniXCMS/issues/61", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/semplon/GeniXCMS/issues/61" "lang": "eng",
}, "value": "SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php."
{ }
"name" : "95684", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95684" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/semplon/GeniXCMS/issues/61",
"refsource": "MISC",
"url": "https://github.com/semplon/GeniXCMS/issues/61"
},
{
"name": "95684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95684"
}
]
}
} }

130
2017/5xxx/CVE-2017-5797.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-03-13T00:00:00", "DATE_PUBLIC": "2017-03-13T00:00:00",
"ID" : "CVE-2017-5797", "ID": "CVE-2017-5797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (IMC)", "product_name": "Intelligent Management Center (IMC)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SOM V7.3 (E0501)" "version_value": "SOM V7.3 (E0501)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Unauthenticated Disclosure of Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03719en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03719en_us" "lang": "eng",
}, "value": "A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found."
{ }
"name" : "97214", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97214" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Remote Unauthenticated Disclosure of Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97214"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03719en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03719en_us"
}
]
}
} }