admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:14:47 +00:00
parent b2f71ab842
commit ffa70f4daa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3253 additions and 3253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0207.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010119 Buffer overflow in bing",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html"
},
{
"name" : "linux-bing-bo(6036)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6036"
},
{
"name" : "2279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linux-bing-bo(6036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6036"
},
{
"name": "2279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2279"
},
{
"name": "20010119 Buffer overflow in bing",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html"
}
]
}
}

140
2001/1xxx/CVE-2001-1128.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011008 Progress TERM (protermcap) overflows and PROMSGS overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/219174"
},
{
"name" : "progress-protermcap-bo(7264)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
},
{
"name" : "3414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3414"
},
{
"name": "progress-protermcap-bo(7264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
},
{
"name": "20011008 Progress TERM (protermcap) overflows and PROMSGS overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/219174"
}
]
}
}

150
2001/1xxx/CVE-2001-1231.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the \"Padlock\" fix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010814 Fwd: Security Alert: Groupwise - Action Required",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/204672"
},
{
"name" : "http://support.novell.com/padlock/details.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/padlock/details.htm"
},
{
"name" : "novell-groupwise-admin-privileges(6998)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
},
{
"name" : "3189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the \"Padlock\" fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010814 Fwd: Security Alert: Groupwise - Action Required",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/204672"
},
{
"name": "3189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3189"
},
{
"name": "novell-groupwise-admin-privileges(6998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6998"
},
{
"name": "http://support.novell.com/padlock/details.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/padlock/details.htm"
}
]
}
}

140
2001/1xxx/CVE-2001-1541.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011129 UUCP",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/243096"
},
{
"name" : "3603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3603"
},
{
"name" : "bsd-uucp-bo(7633)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7633.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3603"
},
{
"name": "bsd-uucp-bo(7633)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7633.php"
},
{
"name": "20011129 UUCP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/243096"
}
]
}
}

190
2006/2xxx/CVE-2006-2408.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Raydium before SVN revision 310 allow remote attackers to execute arbitrary code via a large packet when logged via (1) the raydium_log function in log.c or (2) the raydium_console_line_add function in console.c, possibly from a long player name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060512 Multiple vulnerabilities in Raydium rev 309",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433930/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/raydiumx-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/raydiumx-adv.txt"
},
{
"name" : "http://raydium.org/svn.php",
"refsource" : "CONFIRM",
"url" : "http://raydium.org/svn.php"
},
{
"name" : "17986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17986"
},
{
"name" : "ADV-2006-1808",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1808"
},
{
"name" : "20097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20097"
},
{
"name" : "900",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/900"
},
{
"name" : "raydium-raydiumlog-bo(26510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26510"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Raydium before SVN revision 310 allow remote attackers to execute arbitrary code via a large packet when logged via (1) the raydium_log function in log.c or (2) the raydium_console_line_add function in console.c, possibly from a long player name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17986"
},
{
"name": "20097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20097"
},
{
"name": "ADV-2006-1808",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1808"
},
{
"name": "http://aluigi.altervista.org/adv/raydiumx-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/raydiumx-adv.txt"
},
{
"name": "http://raydium.org/svn.php",
"refsource": "CONFIRM",
"url": "http://raydium.org/svn.php"
},
{
"name": "20060512 Multiple vulnerabilities in Raydium rev 309",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433930/100/0/threaded"
},
{
"name": "raydium-raydiumlog-bo(26510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26510"
},
{
"name": "900",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/900"
}
]
}
}

150
2006/2xxx/CVE-2006-2590.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://e107.org/comment.php?comment.news.788",
"refsource" : "CONFIRM",
"url" : "http://e107.org/comment.php?comment.news.788"
},
{
"name" : "ADV-2006-1963",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1963"
},
{
"name" : "25739",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25739"
},
{
"name" : "20262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20262"
},
{
"name": "http://e107.org/comment.php?comment.news.788",
"refsource": "CONFIRM",
"url": "http://e107.org/comment.php?comment.news.788"
},
{
"name": "ADV-2006-1963",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1963"
},
{
"name": "25739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25739"
}
]
}
}

170
2006/2xxx/CVE-2006-2642.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via \"any of its input.\" NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060523 PHPResidence <= 0.6 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435131/100/0/threaded"
},
{
"name" : "18133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18133"
},
{
"name" : "ADV-2006-2025",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2025"
},
{
"name" : "20311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20311"
},
{
"name" : "978",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/978"
},
{
"name" : "phpresidence-multiple-xss(26701)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via \"any of its input.\" NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpresidence-multiple-xss(26701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26701"
},
{
"name": "ADV-2006-2025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2025"
},
{
"name": "20311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20311"
},
{
"name": "20060523 PHPResidence <= 0.6 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435131/100/0/threaded"
},
{
"name": "18133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18133"
},
{
"name": "978",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/978"
}
]
}
}

160
2006/2xxx/CVE-2006-2719.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060530 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435352/100/0/threaded"
},
{
"name" : "20060529 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046398.html"
},
{
"name" : "1016181",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016181"
},
{
"name" : "20342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20342"
},
{
"name" : "1000",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016181",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016181"
},
{
"name": "20060530 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435352/100/0/threaded"
},
{
"name": "20060529 Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046398.html"
},
{
"name": "20342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20342"
},
{
"name": "1000",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1000"
}
]
}
}

160
2006/6xxx/CVE-2006-6694.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2556",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2556"
},
{
"name" : "http://www.rahim.webd.pl/exploity/Exploits/99.txt",
"refsource" : "MISC",
"url" : "http://www.rahim.webd.pl/exploity/Exploits/99.txt"
},
{
"name" : "20481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20481"
},
{
"name" : "22314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22314"
},
{
"name" : "euploaderpro-config-file-include(29574)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22314"
},
{
"name": "euploaderpro-config-file-include(29574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29574"
},
{
"name": "http://www.rahim.webd.pl/exploity/Exploits/99.txt",
"refsource": "MISC",
"url": "http://www.rahim.webd.pl/exploity/Exploits/99.txt"
},
{
"name": "20481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20481"
},
{
"name": "2556",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2556"
}
]
}
}

160
2006/6xxx/CVE-2006-6791.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061224 Chatwm V1.0 SqL Injection Vuln.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455261/100/0/threaded"
},
{
"name" : "21732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21732"
},
{
"name" : "ADV-2006-5188",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/5188"
},
{
"name" : "1017439",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017439"
},
{
"name" : "2070",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061224 Chatwm V1.0 SqL Injection Vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455261/100/0/threaded"
},
{
"name": "21732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21732"
},
{
"name": "1017439",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017439"
},
{
"name": "ADV-2006-5188",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5188"
},
{
"name": "2070",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2070"
}
]
}
}

120
2006/6xxx/CVE-2006-6916.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to \"crafted input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://getahead.ltd.uk/dwr/changelog",
"refsource" : "CONFIRM",
"url" : "http://getahead.ltd.uk/dwr/changelog"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to \"crafted input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://getahead.ltd.uk/dwr/changelog",
"refsource": "CONFIRM",
"url": "http://getahead.ltd.uk/dwr/changelog"
}
]
}
}

160
2011/2xxx/CVE-2011-2158.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4"
},
{
"name" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html"
},
{
"name" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html",
"refsource" : "MISC",
"url" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
},
{
"name" : "VU#240150",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/240150"
},
{
"name" : "smarterstats-contenttype-header-unspecified(67824)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67824"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html"
},
{
"name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
},
{
"name": "smarterstats-contenttype-header-unspecified(67824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67824"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4"
},
{
"name": "VU#240150",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/240150"
}
]
}
}

120
2011/2xxx/CVE-2011-2301.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to CTXSYS.DRVDISP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to CTXSYS.DRVDISP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
}
]
}
}

140
2011/2xxx/CVE-2011-2303.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-2303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name" : "50225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50225"
},
{
"name" : "46504",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46504"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name": "50225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50225"
},
{
"name": "46504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46504"
}
]
}
}

200
2011/2xxx/CVE-2011-2450.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html"
},
{
"name" : "GLSA-201204-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml"
},
{
"name" : "RHSA-2011:1445",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1445.html"
},
{
"name" : "SUSE-SA:2011:043",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html"
},
{
"name" : "SUSE-SU-2011:1244",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html"
},
{
"name" : "openSUSE-SU-2011:1240",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html"
},
{
"name" : "oval:org.mitre.oval:def:14507",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14507"
},
{
"name" : "oval:org.mitre.oval:def:16217",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16217"
},
{
"name" : "48819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2011:1240",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html"
},
{
"name": "oval:org.mitre.oval:def:16217",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16217"
},
{
"name": "SUSE-SA:2011:043",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html"
},
{
"name": "oval:org.mitre.oval:def:14507",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14507"
},
{
"name": "SUSE-SU-2011:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html"
},
{
"name": "GLSA-201204-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201204-07.xml"
},
{
"name": "RHSA-2011:1445",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1445.html"
},
{
"name": "48819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48819"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-28.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-28.html"
}
]
}
}

140
2011/2xxx/CVE-2011-2625.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1150/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1150/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1150/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1150/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1150/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1150/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/windows/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1150/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1150/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1150/"
}
]
}
}

170
2011/3xxx/CVE-2011-3128.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://core.trac.wordpress.org/changeset/18023/branches/3.1",
"refsource" : "CONFIRM",
"url" : "http://core.trac.wordpress.org/changeset/18023/branches/3.1"
},
{
"name" : "http://wordpress.org/news/2011/05/wordpress-3-1-3/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2011/05/wordpress-3-1-3/"
},
{
"name" : "DSA-2470",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2470"
},
{
"name" : "47995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47995"
},
{
"name" : "49138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49138"
},
{
"name" : "wordpress-attachments-info-disc(69171)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wordpress-attachments-info-disc(69171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69171"
},
{
"name": "47995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47995"
},
{
"name": "49138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49138"
},
{
"name": "http://wordpress.org/news/2011/05/wordpress-3-1-3/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2011/05/wordpress-3-1-3/"
},
{
"name": "http://core.trac.wordpress.org/changeset/18023/branches/3.1",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/changeset/18023/branches/3.1"
},
{
"name": "DSA-2470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2470"
}
]
}
}

160
2011/3xxx/CVE-2011-3176.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x4c Stack Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974"
},
{
"name" : "19959",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19959"
},
{
"name" : "http://download.novell.com/Download?buildid=rs4B5jhWKf8~",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=rs4B5jhWKf8~"
},
{
"name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7010044",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7010044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x4c Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7010044",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7010044"
},
{
"name": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~"
},
{
"name": "19959",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19959"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html"
}
]
}
}

210
2011/3xxx/CVE-2011-3266.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110728 Wireshark 1.6.1 Malformed IKE Packet Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/519049/100/0/threaded"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-13.html"
},
{
"name" : "MDVSA-2011:138",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:138"
},
{
"name" : "SUSE-SU-2011:1262",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html"
},
{
"name" : "openSUSE-SU-2011:1263",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html"
},
{
"name" : "49377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49377"
},
{
"name" : "oval:org.mitre.oval:def:15042",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15042"
},
{
"name" : "1025875",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025875"
},
{
"name" : "8351",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8351"
},
{
"name" : "wireshark-prototreeadditem-dos(69411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49377"
},
{
"name": "wireshark-prototreeadditem-dos(69411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69411"
},
{
"name": "MDVSA-2011:138",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:138"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-13.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-13.html"
},
{
"name": "8351",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8351"
},
{
"name": "openSUSE-SU-2011:1263",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html"
},
{
"name": "20110728 Wireshark 1.6.1 Malformed IKE Packet Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519049/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:15042",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15042"
},
{
"name": "1025875",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025875"
},
{
"name": "SUSE-SU-2011:1262",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html"
}
]
}
}

160
2011/3xxx/CVE-2011-3332.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#225833",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/225833"
},
{
"name" : "49959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49959"
},
{
"name" : "76096",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76096"
},
{
"name" : "46320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46320"
},
{
"name" : "iceniargus-pdf-bo(70343)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70343"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iceniargus-pdf-bo(70343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70343"
},
{
"name": "46320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46320"
},
{
"name": "VU#225833",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/225833"
},
{
"name": "49959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49959"
},
{
"name": "76096",
"refsource": "OSVDB",
"url": "http://osvdb.org/76096"
}
]
}
}

140
2011/3xxx/CVE-2011-3380.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt"
},
{
"name" : "RHSA-2011:1356",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1356.html"
},
{
"name" : "46306",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt"
},
{
"name": "46306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46306"
},
{
"name": "RHSA-2011:1356",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1356.html"
}
]
}
}

130
2011/3xxx/CVE-2011-3404.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Content-Disposition Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-099",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099"
},
{
"name" : "oval:org.mitre.oval:def:14614",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14614"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Content-Disposition Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099"
},
{
"name": "oval:org.mitre.oval:def:14614",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14614"
}
]
}
}

130
2011/4xxx/CVE-2011-4504.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.upnp-hacks.org/suspect.html",
"refsource" : "MISC",
"url" : "http://www.upnp-hacks.org/suspect.html"
},
{
"name" : "VU#357851",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/suspect.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}

150
2011/4xxx/CVE-2011-4564.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111006 Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520029/100/0/threaded"
},
{
"name" : "http://www.rul3z.de/advisories/SSCHADV2011-020.txt",
"refsource" : "MISC",
"url" : "http://www.rul3z.de/advisories/SSCHADV2011-020.txt"
},
{
"name" : "50001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50001"
},
{
"name" : "activecms-admin-xss(70376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50001"
},
{
"name": "activecms-admin-xss(70376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70376"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-020.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-020.txt"
},
{
"name": "20111006 Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520029/100/0/threaded"
}
]
}
}

34
2011/4xxx/CVE-2011-4781.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-4781",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4781",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2013/0xxx/CVE-2013-0417.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2013/0xxx/CVE-2013-0573.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0573",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0573",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2013/0xxx/CVE-2013-0811.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability,\" a different vulnerability than CVE-2013-1307."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037"
},
{
"name" : "TA13-134A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name" : "oval:org.mitre.oval:def:15979",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability,\" a different vulnerability than CVE-2013-1307."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037"
},
{
"name": "TA13-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name": "oval:org.mitre.oval:def:15979",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15979"
}
]
}
}

160
2013/1xxx/CVE-2013-1447.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2013-1447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q4/412"
},
{
"name" : "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS",
"refsource" : "CONFIRM",
"url" : "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS"
},
{
"name" : "DSA-2808",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2808"
},
{
"name" : "RHSA-2013:1850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1850.html"
},
{
"name" : "64142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1850.html"
},
{
"name": "64142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64142"
},
{
"name": "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS",
"refsource": "CONFIRM",
"url": "http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS"
},
{
"name": "[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/412"
},
{
"name": "DSA-2808",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2808"
}
]
}
}

160
2013/1xxx/CVE-2013-1904.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20130327 [RCD] zero day vulnerability (tested on v8.0 to 9.0)",
"refsource" : "MLIST",
"url" : "http://lists.roundcube.net/pipermail/dev/2013-March/022328.html"
},
{
"name" : "[oss-security] 20130328 Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/28/8"
},
{
"name" : "http://habrahabr.ru/post/174423/",
"refsource" : "MISC",
"url" : "http://habrahabr.ru/post/174423/"
},
{
"name" : "http://sourceforge.net/p/roundcubemail/news/2013/03/security-updates-086-and-073/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/roundcubemail/news/2013/03/security-updates-086-and-073/"
},
{
"name" : "openSUSE-SU-2013:0671",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00080.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://habrahabr.ru/post/174423/",
"refsource": "MISC",
"url": "http://habrahabr.ru/post/174423/"
},
{
"name": "http://sourceforge.net/p/roundcubemail/news/2013/03/security-updates-086-and-073/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/roundcubemail/news/2013/03/security-updates-086-and-073/"
},
{
"name": "[dev] 20130327 [RCD] zero day vulnerability (tested on v8.0 to 9.0)",
"refsource": "MLIST",
"url": "http://lists.roundcube.net/pipermail/dev/2013-March/022328.html"
},
{
"name": "openSUSE-SU-2013:0671",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00080.html"
},
{
"name": "[oss-security] 20130328 Re: CVE Request -- roundcubemail: Local file inclusion via web UI modification of certain config options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/28/8"
}
]
}
}

34
2013/5xxx/CVE-2013-5203.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5203",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5203",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/5xxx/CVE-2013-5214.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5214",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5214",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2013/5xxx/CVE-2013-5749.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/123455/SimpleRisk-20130915-01-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/123455/SimpleRisk-20130915-01-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name" : "https://github.com/simplerisk/documentation/raw/master/SimpleRisk%20Release%20Notes%2020130916-001.pdf",
"refsource" : "CONFIRM",
"url" : "https://github.com/simplerisk/documentation/raw/master/SimpleRisk%20Release%20Notes%2020130916-001.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123455/SimpleRisk-20130915-01-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123455/SimpleRisk-20130915-01-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/simplerisk/documentation/raw/master/SimpleRisk%20Release%20Notes%2020130916-001.pdf",
"refsource": "CONFIRM",
"url": "https://github.com/simplerisk/documentation/raw/master/SimpleRisk%20Release%20Notes%2020130916-001.pdf"
}
]
}
}

180
2013/5xxx/CVE-2013-5788.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
},
{
"name" : "RHSA-2013:1440",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name" : "RHSA-2013:1507",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
},
{
"name" : "SUSE-SU-2013:1677",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
},
{
"name" : "oval:org.mitre.oval:def:18607",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18607"
},
{
"name" : "56338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1440",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"name": "SUSE-SU-2013:1677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"
},
{
"name": "oval:org.mitre.oval:def:18607",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18607"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "RHSA-2013:1507",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"
},
{
"name": "56338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56338"
}
]
}
}

230
2013/5xxx/CVE-2013-5904.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name" : "HPSBUX02972",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "SSRT101454",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "RHSA-2014:0030",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64890"
},
{
"name" : "101993",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101993"
},
{
"name" : "1029608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029608"
},
{
"name" : "56485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56485"
},
{
"name" : "56535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56535"
},
{
"name" : "oracle-cpujan2014-cve20135904(90336)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56535"
},
{
"name": "RHSA-2014:0030",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name": "56485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56485"
},
{
"name": "SSRT101454",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name": "64890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64890"
},
{
"name": "HPSBUX02972",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "1029608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029608"
},
{
"name": "101993",
"refsource": "OSVDB",
"url": "http://osvdb.org/101993"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "oracle-cpujan2014-cve20135904(90336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90336"
}
]
}
}

130
2014/2xxx/CVE-2014-2190.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140506 Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2190"
},
{
"name" : "1030199",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030199"
},
{
"name": "20140506 Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2190"
}
]
}
}

160
2014/2xxx/CVE-2014-2241.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140312 Re: Two stack-based issues in freetype [NOT a request]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/12/4"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969"
},
{
"name" : "http://savannah.nongnu.org/bugs/?41697",
"refsource" : "CONFIRM",
"url" : "http://savannah.nongnu.org/bugs/?41697"
},
{
"name" : "USN-2148-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2148-1"
},
{
"name" : "57447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969"
},
{
"name": "USN-2148-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2148-1"
},
{
"name": "57447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57447"
},
{
"name": "http://savannah.nongnu.org/bugs/?41697",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/bugs/?41697"
},
{
"name": "[oss-security] 20140312 Re: Two stack-based issues in freetype [NOT a request]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/12/4"
}
]
}
}

120
2014/2xxx/CVE-2014-2363.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-205-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-205-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-205-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-205-01"
}
]
}
}

120
2014/2xxx/CVE-2014-2429.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-2429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
}
]
}
}

200
2014/2xxx/CVE-2014-2678.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20140329 [PATCH v2] rds: prevent dereference of a NULL device in rds_iw_laddr_check",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2014/3/29/188"
},
{
"name" : "[oss-security] 20140331 CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/31/10"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0926-1.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0926-1.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0926.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0926.html"
},
{
"name" : "FEDORA-2014-4844",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html"
},
{
"name" : "66543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66543"
},
{
"name" : "59386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59386"
},
{
"name" : "60130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60130"
},
{
"name" : "60471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60471"
},
{
"name": "66543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66543"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0926.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0926.html"
},
{
"name": "[linux-kernel] 20140329 [PATCH v2] rds: prevent dereference of a NULL device in rds_iw_laddr_check",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2014/3/29/188"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0926-1.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0926-1.html"
},
{
"name": "[oss-security] 20140331 CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/31/10"
},
{
"name": "59386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59386"
},
{
"name": "60130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60130"
},
{
"name": "FEDORA-2014-4844",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html"
}
]
}
}

34
2014/2xxx/CVE-2014-2704.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2704",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2704",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/2xxx/CVE-2014-2936.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#693092",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/693092"
},
{
"name" : "67254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67254"
},
{
"name": "VU#693092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/693092"
}
]
}
}

122
2017/0xxx/CVE-2017-0829.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00",
"ID" : "CVE-2017-0829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-0829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
}
]
}
}

120
2017/12xxx/CVE-2017-12956.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482296",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482296",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482296"
}
]
}
}

140
2017/16xxx/CVE-2017-16399.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-16399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-16399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name" : "102140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102140"
},
{
"name" : "1039791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name": "102140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102140"
}
]
}
}

34
2017/1xxx/CVE-2017-1719.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1719",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1719",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/4xxx/CVE-2017-4495.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4495",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4495",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4671.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4671",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4671",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

138
2017/4xxx/CVE-2017-4920.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-08-10T00:00:00",
"ID" : "CVE-2017-4920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NSX-V Edge",
"version" : {
"version_data" : [
{
"version_value" : "6.2.x prior to 6.2.8"
},
{
"version_value" : "6.3.x prior to 6.3.3"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-4920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NSX-V Edge",
"version": {
"version_data": [
{
"version_value": "6.2.x prior to 6.2.8"
},
{
"version_value": "6.3.x prior to 6.3.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vmware.com/security/advisories/VMSA-2017-0014.html",
"refsource" : "CONFIRM",
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0014.html"
},
{
"name" : "100277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100277"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0014.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0014.html"
},
{
"name": "100277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100277"
}
]
}
}

34
2018/5xxx/CVE-2018-5395.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5395",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5395",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}