admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:03:12 +00:00
parent 6db8dc5b69
commit f5bc750717
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4237 additions and 4239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2001/0xxx/CVE-2001-0139.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0139", "ID": "CVE-2001-0139",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010110 Immunix OS Security update for lots of temp file problems", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" "lang": "eng",
}, "value": "inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations."
{ }
"name" : "MDKSA-2001:010", ]
"refsource" : "MANDRAKE", },
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CSSA-2001-001.0", "description": [
"refsource" : "CALDERA", {
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "linux-inn-symlink(5916)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5916" ]
}, },
{ "references": {
"name" : "2190", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2190" "name": "20010110 Immunix OS Security update for lots of temp file problems",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2"
} },
{
"name": "linux-inn-symlink(5916)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5916"
},
{
"name": "MDKSA-2001:010",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3"
},
{
"name": "2190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2190"
},
{
"name": "CSSA-2001-001.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt"
}
]
}
} }

148
2001/1xxx/CVE-2001-1406.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1406", "ID": "CVE-2001-1406",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "process_bug.cgi in Bugzilla before 2.14 does not set the \"groupset\" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010829 Security Advisory for Bugzilla v2.13 and older", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=99912899900567" "lang": "eng",
}, "value": "process_bug.cgi in Bugzilla before 2.14 does not set the \"groupset\" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent."
{ }
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=66235", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=66235" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2001:107", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2001-107.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "bugzilla-processbug-old-restrictions(10478)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10478.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "20010829 Security Advisory for Bugzilla v2.13 and older",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99912899900567"
},
{
"name": "RHSA-2001:107",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-107.html"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=66235",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=66235"
},
{
"name": "bugzilla-processbug-old-restrictions(10478)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10478.php"
}
]
}
} }

138
2001/1xxx/CVE-2001-1479.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1479", "ID": "CVE-2001-1479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/unixfocus/6K00S203FC.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/unixfocus/6K00S203FC.html" "lang": "eng",
}, "value": "smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT."
{ }
"name" : "sun-smcboot-tmp-symlink(7756)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7756" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3763", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3763" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/unixfocus/6K00S203FC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6K00S203FC.html"
},
{
"name": "sun-smcboot-tmp-symlink(7756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7756"
},
{
"name": "3763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3763"
}
]
}
} }

168
2006/2xxx/CVE-2006-2033.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2033", "ID": "CVE-2006-2033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060421 Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431761/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue."
{ }
"name" : "20060421 Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.nukedx.com/?getxpl=24", "description": [
"refsource" : "MISC", {
"url" : "http://www.nukedx.com/?getxpl=24" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17655", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17655" ]
}, },
{ "references": {
"name" : "797", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/797" "name": "corenews-index-file-include(25979)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25979"
"name" : "corenews-index-file-include(25979)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25979" "name": "20060421 Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.",
} "refsource": "FULLDISC",
] "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.html"
} },
{
"name": "http://www.nukedx.com/?getxpl=24",
"refsource": "MISC",
"url": "http://www.nukedx.com/?getxpl=24"
},
{
"name": "797",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/797"
},
{
"name": "20060421 Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431761/100/0/threaded"
},
{
"name": "17655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17655"
}
]
}
} }

158
2006/2xxx/CVE-2006-2359.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2359", "ID": "CVE-2006-2359",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060511 phpBB \"charts.php\" XSS and SQL-Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/433715/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection."
{ }
"name" : "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/433848/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434461/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17952", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17952" ]
}, },
{ "references": {
"name" : "phpbb-charts-xss(26414)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414" "name": "20060516 Re: phpBB \"charts.php\" XSS and SQL-Injection",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/434461/100/0/threaded"
} },
{
"name": "20060512 Re: phpBB \"charts.php\" XSS and SQL-Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433848/100/0/threaded"
},
{
"name": "17952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17952"
},
{
"name": "phpbb-charts-xss(26414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26414"
},
{
"name": "20060511 phpBB \"charts.php\" XSS and SQL-Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433715/100/0/threaded"
}
]
}
} }

258
2006/2xxx/CVE-2006-2370.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2006-2370", "ID": "CVE-2006-2370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted \"RPC related requests,\" aka the \"RRAS Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS06-025", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025" "lang": "eng",
}, "value": "Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted \"RPC related requests,\" aka the \"RRAS Memory Corruption Vulnerability.\""
{ }
"name" : "TA06-164A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-164A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#631516", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/631516" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18325", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18325" ]
}, },
{ "references": {
"name" : "ADV-2006-2323", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2323" "name": "win-rras-bo(26812)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26812"
"name" : "26437", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26437" "name": "MS06-025",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
"name" : "oval:org.mitre.oval:def:1587", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587" "name": "oval:org.mitre.oval:def:1720",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720"
"name" : "oval:org.mitre.oval:def:1720", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720" "name": "oval:org.mitre.oval:def:1587",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587"
"name" : "oval:org.mitre.oval:def:1741", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741" "name": "oval:org.mitre.oval:def:1936",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936"
"name" : "oval:org.mitre.oval:def:1823", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823" "name": "ADV-2006-2323",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2323"
"name" : "oval:org.mitre.oval:def:1936", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936" "name": "TA06-164A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
"name" : "oval:org.mitre.oval:def:2061", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061" "name": "oval:org.mitre.oval:def:1741",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741"
"name" : "1016285", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016285" "name": "26437",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26437"
"name" : "20630", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20630" "name": "1016285",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016285"
"name" : "win-rras-bo(26812)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26812" "name": "VU#631516",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/631516"
} },
{
"name": "20630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20630"
},
{
"name": "18325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18325"
},
{
"name": "oval:org.mitre.oval:def:2061",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061"
},
{
"name": "oval:org.mitre.oval:def:1823",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823"
}
]
}
} }

178
2006/2xxx/CVE-2006-2688.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2688", "ID": "CVE-2006-2688",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.achievo.org/download/releasenotes/1_2_1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.achievo.org/download/releasenotes/1_2_1" "lang": "eng",
}, "value": "SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter."
{ }
"name" : "http://bugzilla.achievo.org/show_bug.cgi?id=624", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.achievo.org/show_bug.cgi?id=624" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18171", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18171" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2053", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2053" ]
}, },
{ "references": {
"name" : "25811", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25811" "name": "ADV-2006-2053",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2053"
"name" : "20327", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20327" "name": "achievo-atkselector-sql-injection(26755)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26755"
"name" : "achievo-atkselector-sql-injection(26755)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26755" "name": "http://www.achievo.org/download/releasenotes/1_2_1",
} "refsource": "CONFIRM",
] "url": "http://www.achievo.org/download/releasenotes/1_2_1"
} },
{
"name": "25811",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25811"
},
{
"name": "http://bugzilla.achievo.org/show_bug.cgi?id=624",
"refsource": "CONFIRM",
"url": "http://bugzilla.achievo.org/show_bug.cgi?id=624"
},
{
"name": "20327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20327"
},
{
"name": "18171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18171"
}
]
}
} }

308
2006/2xxx/CVE-2006-2842.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2842", "ID": "CVE-2006-2842",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060601 Squirrelmail local file inclusion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435605/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
{ }
"name" : "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE", ]
"refsource" : "CONFIRM", },
"url" : "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.squirrelmail.org/security/issue/2006-06-01", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.squirrelmail.org/security/issue/2006-06-01" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://docs.info.apple.com/article.html?artnum=306172", ]
"refsource" : "CONFIRM", }
"url" : "http://docs.info.apple.com/article.html?artnum=306172" ]
}, },
{ "references": {
"name" : "APPLE-SA-2007-07-31", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html" "name": "SUSE-SR:2006:017",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html"
"name" : "MDKSA-2006:101", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101" "name": "ADV-2007-2732",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2732"
"name" : "RHSA-2006:0547", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0547.html" "name": "18231",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18231"
"name" : "20060703-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" "name": "APPLE-SA-2007-07-31",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
"name" : "SUSE-SR:2006:017", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_17_sr.html" "name": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE",
}, "refsource": "CONFIRM",
{ "url": "http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE"
"name" : "18231", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18231" "name": "20060601 Squirrelmail local file inclusion",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435605/100/0/threaded"
"name" : "25159", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25159" "name": "21262",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21262"
"name" : "oval:org.mitre.oval:def:11670", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670" "name": "RHSA-2006:0547",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0547.html"
"name" : "ADV-2006-2101", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2101" "name": "20406",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20406"
"name" : "ADV-2007-2732", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2732" "name": "1016209",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016209"
"name" : "1016209", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016209" "name": "http://www.squirrelmail.org/security/issue/2006-06-01",
}, "refsource": "CONFIRM",
{ "url": "http://www.squirrelmail.org/security/issue/2006-06-01"
"name" : "20406", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20406" "name": "ADV-2006-2101",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2101"
"name" : "20931", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20931" "name": "http://docs.info.apple.com/article.html?artnum=306172",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=306172"
"name" : "21159", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21159" "name": "21159",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21159"
"name" : "21262", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21262" "name": "25159",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25159"
"name" : "26235", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26235" "name": "MDKSA-2006:101",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:101"
} },
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name": "oval:org.mitre.oval:def:11670",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11670"
},
{
"name": "26235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26235"
},
{
"name": "20931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20931"
}
]
}
} }

198
2006/3xxx/CVE-2006-3454.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3454", "ID": "CVE-2006-3454",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060914 Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446041/100/0/threaded" "lang": "eng",
}, "value": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages."
{ }
"name" : "20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/446293/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://layereddefense.com/SAV13SEPT.html", "description": [
"refsource" : "MISC", {
"url" : "http://layereddefense.com/SAV13SEPT.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html", ]
"refsource" : "CONFIRM", }
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html" ]
}, },
{ "references": {
"name" : "19986", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19986" "name": "1016842",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016842"
"name" : "ADV-2006-3599", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3599" "name": "symantecantivirus-messages-code-execution(28936)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
"name" : "1016842", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016842" "name": "20060914 Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
"name" : "21884", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21884" "name": "http://layereddefense.com/SAV13SEPT.html",
}, "refsource": "MISC",
{ "url": "http://layereddefense.com/SAV13SEPT.html"
"name" : "symantecantivirus-messages-code-execution(28936)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936" "name": "19986",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19986"
} },
{
"name": "21884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21884"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
},
{
"name": "ADV-2006-3599",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3599"
},
{
"name": "20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
}
]
}
} }

148
2006/6xxx/CVE-2006-6307.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6307", "ID": "CVE-2006-6307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html" "lang": "eng",
}, "value": "srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary."
{ }
"name" : "21430", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21430" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4840", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4840" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23244", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23244" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html"
},
{
"name": "ADV-2006-4840",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4840"
},
{
"name": "21430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21430"
},
{
"name": "23244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23244"
}
]
}
} }

158
2006/6xxx/CVE-2006-6450.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6450", "ID": "CVE-2006-6450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/298/3506963_f.SAL_Public.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/298/3506963_f.SAL_Public.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters."
{ }
"name" : "21473", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21473" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4864", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4864" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23243", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/23243" ]
}, },
{ "references": {
"name" : "zenworks-pmgmt-downloadreport-sql-injection(30768)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30768" "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/298/3506963_f.SAL_Public.html",
} "refsource": "CONFIRM",
] "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/298/3506963_f.SAL_Public.html"
} },
{
"name": "zenworks-pmgmt-downloadreport-sql-injection(30768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30768"
},
{
"name": "ADV-2006-4864",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4864"
},
{
"name": "21473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21473"
},
{
"name": "23243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23243"
}
]
}
} }

158
2006/6xxx/CVE-2006-6587.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6587", "ID": "CVE-2006-6587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061209 (no subject)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0177.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message."
{ }
"name" : "https://issues.apache.org/jira/browse/OFBIZ-178", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/OFBIZ-178" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://issues.apache.org/jira/browse/OFBIZ-260", "description": [
"refsource" : "CONFIRM", {
"url" : "https://issues.apache.org/jira/browse/OFBIZ-260" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21529", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/21529" ]
}, },
{ "references": {
"name" : "1017360", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017360" "name": "1017360",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1017360"
} },
{
"name": "20061209 (no subject)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0177.html"
},
{
"name": "21529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21529"
},
{
"name": "https://issues.apache.org/jira/browse/OFBIZ-260",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/OFBIZ-260"
},
{
"name": "https://issues.apache.org/jira/browse/OFBIZ-178",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/OFBIZ-178"
}
]
}
} }

168
2006/6xxx/CVE-2006-6678.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6678", "ID": "CVE-2006-6678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4", "description_data": [
"refsource" : "MISC", {
"url" : "http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4" "lang": "eng",
}, "value": "The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1251", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1251" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22158", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/22158" ]
}, },
{ "references": {
"name" : "ADV-2006-5092", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/5092" "name": "DSA-1251",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2007/dsa-1251"
"name" : "23822", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23822" "name": "22158",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/22158"
} },
{
"name": "ADV-2006-5092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5092"
},
{
"name": "http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4",
"refsource": "MISC",
"url": "http://netrik.cvs.sourceforge.net/netrik/netrik/form-file.c?r1=1.3&r2=1.4"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=472131&group_id=23183"
},
{
"name": "23822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23822"
}
]
}
} }

148
2006/7xxx/CVE-2006-7015.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-7015", "ID": "CVE-2006-7015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060613 Jobline 1 1 1 Version - Remote File Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436990/30/4440/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests."
{ }
"name" : "20070214 false: old Jobline RFI", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2007-February/001325.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2254", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2254" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "jobline-mosconfig-file-include(27125)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27125" ]
} },
] "references": {
} "reference_data": [
{
"name": "jobline-mosconfig-file-include(27125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27125"
},
{
"name": "2254",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2254"
},
{
"name": "20060613 Jobline 1 1 1 Version - Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436990/30/4440/threaded"
},
{
"name": "20070214 false: old Jobline RFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-February/001325.html"
}
]
}
} }

32
2011/0xxx/CVE-2011-0236.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0236", "ID": "CVE-2011-0236",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2011/0xxx/CVE-2011-0796.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0796", "ID": "CVE-2011-0796",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" "lang": "eng",
} "value": "Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
} }

128
2011/0xxx/CVE-2011-0876.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-0876", "ID": "CVE-2011-0876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security."
{ }
"name" : "TA11-201A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
} }

158
2011/2xxx/CVE-2011-2122.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2122", "ID": "CVE-2011-2122",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110614 [BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518439/100/0/threaded" "lang": "eng",
}, "value": "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA11-166A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48297", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/48297" ]
}, },
{ "references": {
"name" : "73029", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/73029" "name": "20110614 [BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/518439/100/0/threaded"
} },
{
"name": "73029",
"refsource": "OSVDB",
"url": "http://osvdb.org/73029"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html"
},
{
"name": "TA11-166A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html"
},
{
"name": "48297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48297"
}
]
}
} }

118
2011/2xxx/CVE-2011-2171.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2171", "ID": "CVE-2011-2171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html" "lang": "eng",
} "value": "Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html"
}
]
}
} }

32
2011/2xxx/CVE-2011-2539.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2539", "ID": "CVE-2011-2539",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2011/2xxx/CVE-2011-2959.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2959", "ID": "CVE-2011-2959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.insomniasec.com/advisories/ISVA-110427.1.htm", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.insomniasec.com/advisories/ISVA-110427.1.htm" "lang": "eng",
}, "value": "Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202."
{ }
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-119-01.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-119-01.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72117", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/72117" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44345", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/44345" ]
} },
] "references": {
} "reference_data": [
{
"name": "44345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44345"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-119-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-119-01.pdf"
},
{
"name": "72117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72117"
},
{
"name": "http://www.insomniasec.com/advisories/ISVA-110427.1.htm",
"refsource": "MISC",
"url": "http://www.insomniasec.com/advisories/ISVA-110427.1.htm"
}
]
}
} }

32
2011/3xxx/CVE-2011-3333.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3333", "ID": "CVE-2011-3333",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2011/3xxx/CVE-2011-3428.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-3428", "ID": "CVE-2011-3428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/en-us/HT5016", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/en-us/HT5016" "lang": "eng",
} "value": "Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT5016",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT5016"
}
]
}
} }

278
2011/3xxx/CVE-2011-3551.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-3551", "ID": "CVE-2011-3551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
{ }
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201406-32", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02730", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" ]
}, },
{ "references": {
"name" : "SSRT100710", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "HPSBMU02797", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "SSRT100867", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "name": "48308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48308"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "HPSBUX02730",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
"name" : "RHSA-2011:1384", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" "name": "SUSE-SU-2012:0114",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "SUSE-SU-2012:0114", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" "name": "SSRT100710",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
"name" : "USN-1263-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1263-1" "name": "RHSA-2011:1384",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
"name" : "50224", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50224" "name": "50224",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50224"
"name" : "oval:org.mitre.oval:def:14318", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14318" "name": "oval:org.mitre.oval:def:14318",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14318"
"name" : "1026215", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026215" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
"name" : "48308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48308" "name": "SSRT100867",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
"name" : "oracle-jre-2d-unspecified(70842)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70842" "name": "oracle-jre-2d-unspecified(70842)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70842"
} },
{
"name": "1026215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026215"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
}
]
}
} }

32
2011/3xxx/CVE-2011-3624.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3624", "ID": "CVE-2011-3624",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2011/4xxx/CVE-2011-4237.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-4237", "ID": "CVE-2011-4237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.nessus.org/plugins/index.php?view=single&id=58950", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.nessus.org/plugins/index.php?view=single&id=58950" "lang": "eng",
}, "value": "CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693."
{ }
"name" : "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49094", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49094" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "49094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49094"
},
{
"name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
},
{
"name": "http://www.nessus.org/plugins/index.php?view=single&id=58950",
"refsource": "MISC",
"url": "http://www.nessus.org/plugins/index.php?view=single&id=58950"
}
]
}
} }

188
2011/4xxx/CVE-2011-4354.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4354", "ID": "CVE-2011-4354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111201 CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/12/01/6" "lang": "eng",
}, "value": "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts."
{ }
"name" : "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip", ]
"refsource" : "MISC", },
"url" : "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://eprint.iacr.org/2011/633", "description": [
"refsource" : "MISC", {
"url" : "http://eprint.iacr.org/2011/633" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21", ]
"refsource" : "CONFIRM", }
"url" : "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21" ]
}, },
{ "references": {
"name" : "http://marc.info/?t=119271238800004", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://marc.info/?t=119271238800004" "name": "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip",
}, "refsource": "MISC",
{ "url": "http://crypto.di.uminho.pt/CACE/CT-RSA2012-openssl-src.zip"
"name" : "http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest", },
"refsource" : "CONFIRM", {
"url" : "http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=757909",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=757909"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=757909", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=757909" "name": "[oss-security] 20111201 CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/12/01/6"
"name" : "DSA-2390", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2390" "name": "http://eprint.iacr.org/2011/633",
} "refsource": "MISC",
] "url": "http://eprint.iacr.org/2011/633"
} },
{
"name": "http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest",
"refsource": "CONFIRM",
"url": "http://rt.openssl.org/Ticket/Display.html?id=1593&user=guest&pass=guest"
},
{
"name": "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/filediff?f=openssl/crypto/bn/bn_nist.c&v1=1.14&v2=1.21"
},
{
"name": "DSA-2390",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"name": "http://marc.info/?t=119271238800004",
"refsource": "CONFIRM",
"url": "http://marc.info/?t=119271238800004"
}
]
}
} }

208
2011/4xxx/CVE-2011-4608.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4608", "ID": "CVE-2011-4608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=767020", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=767020" "lang": "eng",
}, "value": "mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints."
{ }
"name" : "RHSA-2012:0035", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2012-0035.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2012:0036", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2012-0036.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:0037", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2012-0037.html" ]
}, },
{ "references": {
"name" : "RHSA-2012:0038", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2012-0038.html" "name": "RHSA-2012:0039",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2012-0039.html"
"name" : "RHSA-2012:0039", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2012-0039.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=767020",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767020"
"name" : "RHSA-2012:0040", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2012-0040.html" "name": "RHSA-2012:0035",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2012-0035.html"
"name" : "51554", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51554" "name": "51554",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/51554"
"name" : "1026545", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026545" "name": "jboss-modcluster-security-bypass(72460)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72460"
"name" : "jboss-modcluster-security-bypass(72460)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72460" "name": "RHSA-2012:0040",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2012-0040.html"
} },
{
"name": "RHSA-2012:0037",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0037.html"
},
{
"name": "RHSA-2012:0036",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0036.html"
},
{
"name": "1026545",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026545"
},
{
"name": "RHSA-2012:0038",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0038.html"
}
]
}
} }

158
2011/4xxx/CVE-2011-4621.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4621", "ID": "CVE-2011-4621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111221 Re: CVE Request -- kernel: tight loop and no preemption can cause system stall", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/12/21/6" "lang": "eng",
}, "value": "The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop."
{ }
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f26f9aff6aaf67e9a430d16c266f91b13a5bff64", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f26f9aff6aaf67e9a430d16c266f91b13a5bff64" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=769711", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=769711" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/f26f9aff6aaf67e9a430d16c266f91b13a5bff64", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/f26f9aff6aaf67e9a430d16c266f91b13a5bff64" "name": "https://github.com/torvalds/linux/commit/f26f9aff6aaf67e9a430d16c266f91b13a5bff64",
} "refsource": "CONFIRM",
] "url": "https://github.com/torvalds/linux/commit/f26f9aff6aaf67e9a430d16c266f91b13a5bff64"
} },
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name": "[oss-security] 20111221 Re: CVE Request -- kernel: tight loop and no preemption can cause system stall",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/12/21/6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=769711",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=769711"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f26f9aff6aaf67e9a430d16c266f91b13a5bff64",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f26f9aff6aaf67e9a430d16c266f91b13a5bff64"
}
]
}
} }

32
2011/4xxx/CVE-2011-4663.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4663", "ID": "CVE-2011-4663",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

178
2013/1xxx/CVE-2013-1041.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-1041", "ID": "CVE-2013-1041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5934", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
{ }
"name" : "http://support.apple.com/kb/HT6001", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6001" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-09-18-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-10-22-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-10-22-8", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" "name": "APPLE-SA-2013-10-22-8",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
"name" : "1029054", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029054" "name": "1029054",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029054"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT6001",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT6001"
} },
{
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
} }

32
2013/1xxx/CVE-2013-1238.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1238", "ID": "CVE-2013-1238",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2013/1xxx/CVE-2013-1413.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1413", "ID": "CVE-2013-1413",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130301 CVE-2013-1413", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Mar/0" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://www.csnc.ch/en/modules/news/news_0076.html_533560828.html", ]
"refsource" : "MISC", },
"url" : "http://www.csnc.ch/en/modules/news/news_0076.html_533560828.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52415", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52415" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56834", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/56834" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.csnc.ch/en/modules/news/news_0076.html_533560828.html",
"refsource": "MISC",
"url": "http://www.csnc.ch/en/modules/news/news_0076.html_533560828.html"
},
{
"name": "52415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52415"
},
{
"name": "20130301 CVE-2013-1413",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Mar/0"
},
{
"name": "56834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56834"
}
]
}
} }

178
2013/1xxx/CVE-2013-1640.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1640", "ID": "CVE-2013-1640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://puppetlabs.com/security/cve/cve-2013-1640/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://puppetlabs.com/security/cve/cve-2013-1640/" "lang": "eng",
}, "value": "The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request."
{ }
"name" : "DSA-2643", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2013/dsa-2643" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0710", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0710.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:0618", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0641", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html" "name": "SUSE-SU-2013:0618",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"
"name" : "USN-1759-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-1759-1" "name": "RHSA-2013:0710",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0710.html"
"name" : "52596", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52596" "name": "DSA-2643",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2013/dsa-2643"
} },
{
"name": "52596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52596"
},
{
"name": "USN-1759-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1759-1"
},
{
"name": "openSUSE-SU-2013:0641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"
},
{
"name": "https://puppetlabs.com/security/cve/cve-2013-1640/",
"refsource": "CONFIRM",
"url": "https://puppetlabs.com/security/cve/cve-2013-1640/"
}
]
}
} }

188
2013/1xxx/CVE-2013-1918.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1918", "ID": "CVE-2013-1918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to \"deep page table traversal.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130502 Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/05/02/8" "lang": "eng",
}, "value": "Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to \"deep page table traversal.\""
{ }
"name" : "DSA-2666", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2013/dsa-2666" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2013-7432", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201309-24", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" ]
}, },
{ "references": {
"name" : "SUSE-SU-2014:0446", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" "name": "55082",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55082"
"name" : "59615", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59615" "name": "FEDORA-2013-7432",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html"
"name" : "53187", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53187" "name": "GLSA-201309-24",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
"name" : "55082", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55082" "name": "53187",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/53187"
} },
{
"name": "DSA-2666",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2666"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "[oss-security] 20130502 Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/02/8"
},
{
"name": "59615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59615"
}
]
}
} }

118
2013/5xxx/CVE-2013-5000.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5000", "ID": "CVE-2013-5000",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php" "lang": "eng",
} "value": "phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php"
}
]
}
} }

298
2013/5xxx/CVE-2013-5851.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5851", "ID": "CVE-2013-5851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201406-32", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1440", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" ]
}, },
{ "references": {
"name" : "RHSA-2013:1447", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "RHSA-2013:1451", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" "name": "RHSA-2013:1447",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
"name" : "RHSA-2013:1507", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" "name": "RHSA-2013:1440",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
"name" : "RHSA-2013:1508", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" "name": "98558",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/98558"
"name" : "RHSA-2013:1793", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" "name": "USN-2033-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2033-1"
"name" : "SUSE-SU-2013:1666", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" "name": "oval:org.mitre.oval:def:19061",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19061"
"name" : "SUSE-SU-2013:1677", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" "name": "USN-2089-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2089-1"
"name" : "openSUSE-SU-2013:1663", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" "name": "RHSA-2013:1508",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"
"name" : "USN-2033-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2033-1" "name": "SUSE-SU-2013:1677",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
"name" : "USN-2089-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2089-1" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
"name" : "63142", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63142" "name": "openSUSE-SU-2013:1663",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
"name" : "98558", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/98558" "name": "SUSE-SU-2013:1666",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
"name" : "oval:org.mitre.oval:def:19061", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19061" "name": "RHSA-2013:1793",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"
"name" : "56338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56338" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
"name" : "oracle-cpuoct2013-cve20135851(87997)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87997" "name": "RHSA-2013:1507",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
} },
{
"name": "oracle-cpuoct2013-cve20135851(87997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87997"
},
{
"name": "56338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56338"
},
{
"name": "RHSA-2013:1451",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"name": "63142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63142"
}
]
}
} }

308
2013/5xxx/CVE-2013-5898.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5898", "ID": "CVE-2013-5898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403."
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02972", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02973", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" ]
}, },
{ "references": {
"name" : "SSRT101454", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "SSRT101455", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" "name": "SSRT101455",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
"name" : "RHSA-2014:0030", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" "name": "RHSA-2014:0135",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
"name" : "RHSA-2014:0134", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" "name": "56535",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56535"
"name" : "RHSA-2014:0135", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" "name": "102027",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/102027"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "RHSA-2014:0030",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
"name" : "SUSE-SU-2014:0246", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" "name": "56485",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56485"
"name" : "SUSE-SU-2014:0266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" "name": "SSRT101454",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "SUSE-SU-2014:0451", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
"name" : "64758", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64758" "name": "HPSBUX02972",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "64912", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64912" "name": "SUSE-SU-2014:0451",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
"name" : "102027", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102027" "name": "HPSBUX02973",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
"name" : "1029608", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029608" "name": "1029608",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029608"
"name" : "56485", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56485" "name": "64912",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64912"
"name" : "56535", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56535" "name": "oracle-cpujan2014-cve20135898(90356)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90356"
"name" : "oracle-cpujan2014-cve20135898(90356)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90356" "name": "SUSE-SU-2014:0266",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
} },
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "SUSE-SU-2014:0246",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "RHSA-2014:0134",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
}
]
}
} }

128
2014/2xxx/CVE-2014-2360.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-2360", "ID": "CVE-2014-2360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01" "lang": "eng",
}, "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
{ }
"name" : "68797", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/68797" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
} }

208
2014/2xxx/CVE-2014-2428.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-2428", "ID": "CVE-2014-2428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201502-12", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX03091", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" ]
}, },
{ "references": {
"name" : "HPSBUX03092", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "SSRT101667", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" "name": "HPSBUX03091",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name" : "SSRT101668", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
"name" : "RHSA-2014:0413", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0413" "name": "RHSA-2014:0413",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0413"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "SSRT101667",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
"name" : "66870", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66870" "name": "HPSBUX03092",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
} },
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "SSRT101668",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "66870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66870"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
}
]
}
} }

218
2014/2xxx/CVE-2014-2523.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2523", "ID": "CVE-2014-2523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/03/17/7" "lang": "eng",
}, "value": "net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function."
{ }
"name" : "http://twitter.com/grsecurity/statuses/445496197399461888", ]
"refsource" : "MISC", },
"url" : "http://twitter.com/grsecurity/statuses/445496197399461888" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1077343", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1077343" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92" "name": "http://twitter.com/grsecurity/statuses/445496197399461888",
}, "refsource": "MISC",
{ "url": "http://twitter.com/grsecurity/statuses/445496197399461888"
"name" : "USN-2173-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2173-1" "name": "USN-2173-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2173-1"
"name" : "USN-2174-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2174-1" "name": "66279",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/66279"
"name" : "66279", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66279" "name": "USN-2174-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2174-1"
"name" : "1029945", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029945" "name": "57446",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57446"
"name" : "57446", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57446" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1077343",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077343"
"name" : "linux-kernel-cve20142523-code-exec(91910)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91910" "name": "1029945",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1029945"
} },
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "linux-kernel-cve20142523-code-exec(91910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91910"
},
{
"name": "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/17/7"
}
]
}
} }

118
2014/2xxx/CVE-2014-2592.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2592", "ID": "CVE-2014-2592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/" "lang": "eng",
} "value": "Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2592/"
}
]
}
} }

138
2014/2xxx/CVE-2014-2732.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2732", "ID": "CVE-2014-2732",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80."
{ }
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "66965", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66965" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf"
},
{
"name": "66965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66965"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01"
}
]
}
} }

138
2014/2xxx/CVE-2014-2752.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2752", "ID": "CVE-2014-2752",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003" "lang": "eng",
}, "value": "SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors."
{ }
"name" : "http://www.onapsis.com/research-advisories.php", ]
"refsource" : "MISC", },
"url" : "http://www.onapsis.com/research-advisories.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "57736", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57736" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003",
"refsource": "MISC",
"url": "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003"
},
{
"name": "57736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57736"
},
{
"name": "http://www.onapsis.com/research-advisories.php",
"refsource": "MISC",
"url": "http://www.onapsis.com/research-advisories.php"
}
]
}
} }

32
2014/6xxx/CVE-2014-6448.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6448", "ID": "CVE-2014-6448",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2014/6xxx/CVE-2014-6781.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6781", "ID": "CVE-2014-6781",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#421193", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/421193" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#421193",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/421193"
}
]
}
} }

138
2014/6xxx/CVE-2014-6954.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6954", "ID": "CVE-2014-6954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#289545", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/289545" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#289545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/289545"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
} }

138
2017/0xxx/CVE-2017-0039.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0039", "ID": "CVE-2017-0039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows DLL", "product_name": "Windows DLL",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Vista SP2 and Server 2008 SP2" "version_value": "Windows Vista SP2 and Server 2008 SP2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka \"Library Loading Input Validation Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039" "lang": "eng",
}, "value": "Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka \"Library Loading Input Validation Remote Code Execution Vulnerability.\""
{ }
"name" : "96024", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96024" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038001", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038001" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1038001",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038001"
},
{
"name": "96024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96024"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039"
}
]
}
} }

138
2017/0xxx/CVE-2017-0236.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0236", "ID": "CVE-2017-0236",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems." "version_value": "Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0236", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0236" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238."
{ }
"name" : "98234", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98234" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038431", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038431" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1038431",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038431"
},
{
"name": "98234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98234"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0236",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0236"
}
]
}
} }

184
2017/0xxx/CVE-2017-0547.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0547", "ID": "CVE-2017-0547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6" "lang": "eng",
}, "value": "An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560."
{ }
"name" : "https://source.android.com/security/bulletin/2017-04-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-04-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97338", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97338" "lang": "eng",
}, "value": "Information disclosure"
{ }
"name" : "1038201", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038201" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97338"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
} }

134
2017/0xxx/CVE-2017-0624.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0624", "ID": "CVE-2017-0624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-05-01" "lang": "eng",
}, "value": "An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832."
{ }
"name" : "98200", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98200" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98200"
}
]
}
} }

32
2017/0xxx/CVE-2017-0939.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-0939", "ID": "CVE-2017-0939",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/1000xxx/CVE-2017-1000468.json
View File

@ -1,20 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"DATE_ASSIGNED" : "2017-12-29", "data_version": "4.0",
"ID" : "CVE-2017-1000468", "CVE_data_meta": {
"REQUESTER" : "sajeeb.lohani@bulletproof.sh", "ID": "CVE-2017-1000468",
"STATE" : "REJECT" "ASSIGNER": "cve@mitre.org",
}, "STATE": "REJECT"
"data_format" : "MITRE", },
"data_type" : "CVE", "description": {
"data_version" : "4.0", "description_data": [
"description" : { {
"description_data" : [ "lang": "eng",
{ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
"lang" : "eng", }
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." ]
} }
]
}
} }

188
2017/16xxx/CVE-2017-16651.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16651", "ID": "CVE-2017-16651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html" "lang": "eng",
}, "value": "Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests."
{ }
"name" : "https://github.com/roundcube/roundcubemail/issues/6026", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/roundcube/roundcubemail/issues/6026" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7" ]
}, },
{ "references": {
"name" : "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3" "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"
"name" : "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10", },
"refsource" : "CONFIRM", {
"url" : "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10" "name": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10",
}, "refsource": "CONFIRM",
{ "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"
"name" : "DSA-4030", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4030" "name": "[debian-lts-announce] 20171128 [SECURITY] [DLA 1193-1] roundcube security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"
"name" : "101793", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101793" "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10",
} "refsource": "CONFIRM",
] "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"
} },
{
"name": "101793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101793"
},
{
"name": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7",
"refsource": "CONFIRM",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"
},
{
"name": "DSA-4030",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4030"
},
{
"name": "https://github.com/roundcube/roundcubemail/issues/6026",
"refsource": "CONFIRM",
"url": "https://github.com/roundcube/roundcubemail/issues/6026"
}
]
}
} }

32
2017/18xxx/CVE-2017-18108.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18108", "ID": "CVE-2017-18108",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/1xxx/CVE-2017-1112.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1112", "ID": "CVE-2017-1112",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

234
2017/1xxx/CVE-2017-1609.json
View File

@ -1,120 +1,120 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2017-1609", "ID": "CVE-2017-1609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Quality Manager", "product_name": "Rational Quality Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
}, },
{ {
"version_value" : "6.0.6" "version_value": "6.0.6"
}, },
{ {
"version_value" : "5.01" "version_value": "5.01"
}, },
{ {
"version_value" : "5.02" "version_value": "5.02"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738137" "lang": "eng",
}, "value": "IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132929."
{ }
"name" : "106384", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106384" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-rqm-cve20171609-xss(132929)", "A": "N",
"refsource" : "XF", "AC": "L",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132929" "AV": "N",
} "C": "L",
] "I": "L",
} "PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10738137",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10738137"
},
{
"name": "ibm-rqm-cve20171609-xss(132929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132929"
},
{
"name": "106384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106384"
}
]
}
} }

32
2017/4xxx/CVE-2017-4025.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4025", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4025",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4081.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4081", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4081",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4312.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4312", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4312",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }