diff --git a/2006/0xxx/CVE-2006-0165.json b/2006/0xxx/CVE-2006-0165.json index f19648b94cc..11ebcc3ea5c 100644 --- a/2006/0xxx/CVE-2006-0165.json +++ b/2006/0xxx/CVE-2006-0165.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=384153&group_id=51417", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=384153&group_id=51417" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1395371&group_id=51417&atid=463213", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1395371&group_id=51417&atid=463213" - }, - { - "name" : "ADV-2006-0126", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0126" - }, - { - "name" : "18372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18372" - }, - { - "name" : "webgui-forms-xss(24053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18372" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1395371&group_id=51417&atid=463213", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1395371&group_id=51417&atid=463213" + }, + { + "name": "webgui-forms-xss(24053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24053" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=384153&group_id=51417", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=384153&group_id=51417" + }, + { + "name": "ADV-2006-0126", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0126" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0214.json b/2006/0xxx/CVE-2006-0214.json index 45a24693e74..98369805078 100644 --- a/2006/0xxx/CVE-2006-0214.json +++ b/2006/0xxx/CVE-2006-0214.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html" - }, - { - "name" : "16237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16237" - }, - { - "name" : "18043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18043" - }, - { - "name" : "351", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/351" - }, - { - "name" : "ezdatabase-visitorupload-file-include(24136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "351", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/351" + }, + { + "name": "http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html" + }, + { + "name": "18043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18043" + }, + { + "name": "ezdatabase-visitorupload-file-include(24136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24136" + }, + { + "name": "16237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16237" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0254.json b/2006/0xxx/CVE-2006-0254.json index 0ffa8d4a894..ffb2f64b72a 100644 --- a/2006/0xxx/CVE-2006-0254.json +++ b/2006/0xxx/CVE-2006-0254.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injectionvulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421996/100/0/threaded" - }, - { - "name" : "http://issues.apache.org/jira/browse/GERONIMO-1474", - "refsource" : "MISC", - "url" : "http://issues.apache.org/jira/browse/GERONIMO-1474" - }, - { - "name" : "http://www.oliverkarow.de/research/geronimo_css.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/geronimo_css.txt" - }, - { - "name" : "https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "RHSA-2008:0630", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html" - }, - { - "name" : "16260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16260" - }, - { - "name" : "ADV-2006-0217", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0217" - }, - { - "name" : "18485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18485" - }, - { - "name" : "31493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31493" - }, - { - "name" : "geronimo-webaccesslog-viewer-xss(24159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24159" - }, - { - "name" : "geronimo-jspexamples-xss(24158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0630", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html" + }, + { + "name": "31493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31493" + }, + { + "name": "http://www.oliverkarow.de/research/geronimo_css.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/geronimo_css.txt" + }, + { + "name": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create" + }, + { + "name": "16260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16260" + }, + { + "name": "ADV-2006-0217", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0217" + }, + { + "name": "geronimo-webaccesslog-viewer-xss(24159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24159" + }, + { + "name": "geronimo-jspexamples-xss(24158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24158" + }, + { + "name": "20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injectionvulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421996/100/0/threaded" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "http://issues.apache.org/jira/browse/GERONIMO-1474", + "refsource": "MISC", + "url": "http://issues.apache.org/jira/browse/GERONIMO-1474" + }, + { + "name": "18485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18485" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0288.json b/2006/0xxx/CVE-2006-0288.json index 60ee3d8f018..bc1cd94709e 100644 --- a/2006/0xxx/CVE-2006-0288.json +++ b/2006/0xxx/CVE-2006-0288.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0639.json b/2006/0xxx/CVE-2006-0639.json index 9e220ea4b7e..056e3f3d44e 100644 --- a/2006/0xxx/CVE-2006-0639.json +++ b/2006/0xxx/CVE-2006-0639.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060207 [myimei]MyBB 1.0.2 XSS attack in search.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424334/100/0/threaded" - }, - { - "name" : "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" - }, - { - "name" : "20060208 Re: [myimei]MyBB 1.0.2 XSS attack in search.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424375/100/0/threaded" - }, - { - "name" : "mybb-search-xss(24466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-search-xss(24466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" + }, + { + "name": "20060208 Re: [myimei]MyBB 1.0.2 XSS attack in search.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424375/100/0/threaded" + }, + { + "name": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" + }, + { + "name": "20060207 [myimei]MyBB 1.0.2 XSS attack in search.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424334/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0914.json b/2006/0xxx/CVE-2006-0914.json index ddc72e66e50..9c2395605d3 100644 --- a/2006/0xxx/CVE-2006-0914.json +++ b/2006/0xxx/CVE-2006-0914.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425584/100/0/threaded" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=312498", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=312498" - }, - { - "name" : "ADV-2006-0692", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0692" - }, - { - "name" : "bugzilla-duplicates-sql-injection(42802)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0692", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0692" + }, + { + "name": "bugzilla-duplicates-sql-injection(42802)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42802" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=312498", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=312498" + }, + { + "name": "20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425584/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1120.json b/2006/1xxx/CVE-2006-1120.json index 2e41d27591a..82818a6fab5 100644 --- a/2006/1xxx/CVE-2006-1120.json +++ b/2006/1xxx/CVE-2006-1120.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 DCP Portal: Multiple XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427175/100/0/threaded" - }, - { - "name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt", - "refsource" : "MISC", - "url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt" - }, - { - "name" : "17050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17050" - }, - { - "name" : "23976", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23976" - }, - { - "name" : "23977", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23977" - }, - { - "name" : "23978", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23978" - }, - { - "name" : "23979", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23979" - }, - { - "name" : "23980", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23980" - }, - { - "name" : "23981", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23981" - }, - { - "name" : "392", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/392" - }, - { - "name" : "dcpportal-multiple-scripts-xss(25279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dcpportal-multiple-scripts-xss(25279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25279" + }, + { + "name": "23979", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23979" + }, + { + "name": "23981", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23981" + }, + { + "name": "20060309 DCP Portal: Multiple XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427175/100/0/threaded" + }, + { + "name": "23980", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23980" + }, + { + "name": "17050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17050" + }, + { + "name": "392", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/392" + }, + { + "name": "23978", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23978" + }, + { + "name": "23976", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23976" + }, + { + "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt", + "refsource": "MISC", + "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-001.txt" + }, + { + "name": "23977", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23977" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1741.json b/2006/1xxx/CVE-2006-1741.json index 824be1dbc77..3d2fd7f8bd2 100644 --- a/2006/1xxx/CVE-2006-1741.json +++ b/2006/1xxx/CVE-2006-1741.json @@ -1,317 +1,317 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) \"using a modal alert to suspend an event handler while a new page is being loaded\", (2) using eval(), and using certain variants involving (3) \"new Script;\" and (4) using window.__proto__ to extend eval, aka \"cross-site JavaScript injection\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FEDORA-2006-410", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" - }, - { - "name" : "FEDORA-2006-411", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" - }, - { - "name" : "FLSA:189137-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "MDKSA-2006:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" - }, - { - "name" : "MDKSA-2006:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" - }, - { - "name" : "RHSA-2006:0328", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" - }, - { - "name" : "RHSA-2006:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "SUSE-SA:2006:021", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "oval:org.mitre.oval:def:9167", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167" - }, - { - "name" : "ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "oval:org.mitre.oval:def:1855", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19821" - }, - { - "name" : "19811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19811" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19714" - }, - { - "name" : "19721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19721" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19696" - }, - { - "name" : "19729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19729" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : "mozilla-eventhandler-xss(25806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) \"using a modal alert to suspend an event handler while a new page is being loaded\", (2) using eval(), and using certain variants involving (3) \"new Script;\" and (4) using window.__proto__ to extend eval, aka \"cross-site JavaScript injection\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "20060404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": "RHSA-2006:0328", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html" + }, + { + "name": "19821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19821" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "FEDORA-2006-410", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" + }, + { + "name": "USN-271-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "19714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19714" + }, + { + "name": "RHSA-2006:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "19811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19811" + }, + { + "name": "mozilla-eventhandler-xss(25806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25806" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "oval:org.mitre.oval:def:9167", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19696" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "SUSE-SA:2006:021", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "oval:org.mitre.oval:def:1855", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "MDKSA-2006:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" + }, + { + "name": "19729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19729" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "FLSA:189137-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "FEDORA-2006-411", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "19721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19721" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "MDKSA-2006:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1909.json b/2006/1xxx/CVE-2006-1909.json index a33afeb8968..8bf3c5eb307 100644 --- a/2006/1xxx/CVE-2006-1909.json +++ b/2006/1xxx/CVE-2006-1909.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard \"../\" sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060415 [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431062" - }, - { - "name" : "20060416 Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431118/30/0/threaded" - }, - { - "name" : "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html" - }, - { - "name" : "17570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17570" - }, - { - "name" : "ADV-2006-1392", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1392" - }, - { - "name" : "19665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19665" - }, - { - "name" : "coppermine-index-file-include(25866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard \"../\" sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19665" + }, + { + "name": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html" + }, + { + "name": "20060416 Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431118/30/0/threaded" + }, + { + "name": "ADV-2006-1392", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1392" + }, + { + "name": "coppermine-index-file-include(25866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25866" + }, + { + "name": "20060415 [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431062" + }, + { + "name": "17570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17570" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3112.json b/2006/3xxx/CVE-2006-3112.json index 81f726cb972..37ad093bff8 100644 --- a/2006/3xxx/CVE-2006-3112.json +++ b/2006/3xxx/CVE-2006-3112.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 Chipmailer <= 1.09 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115024576618386&w=2" - }, - { - "name" : "1016315", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016315" - }, - { - "name" : "chipmailer-php-information-disclosure(27159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060613 Chipmailer <= 1.09 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115024576618386&w=2" + }, + { + "name": "chipmailer-php-information-disclosure(27159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27159" + }, + { + "name": "1016315", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016315" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4073.json b/2006/4xxx/CVE-2006-4073.json index eef36528e84..eb98399e14c 100644 --- a/2006/4xxx/CVE-2006-4073.json +++ b/2006/4xxx/CVE-2006-4073.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060806 SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442428/100/0/threaded" - }, - { - "name" : "2134", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2134" - }, - { - "name" : "http://www.solpotcrew.org/adv/solpot-adv-05.txt", - "refsource" : "MISC", - "url" : "http://www.solpotcrew.org/adv/solpot-adv-05.txt" - }, - { - "name" : "19376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19376" - }, - { - "name" : "ADV-2006-3199", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3199" - }, - { - "name" : "phpcc-login-file-include(28259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060806 SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442428/100/0/threaded" + }, + { + "name": "http://www.solpotcrew.org/adv/solpot-adv-05.txt", + "refsource": "MISC", + "url": "http://www.solpotcrew.org/adv/solpot-adv-05.txt" + }, + { + "name": "2134", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2134" + }, + { + "name": "19376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19376" + }, + { + "name": "ADV-2006-3199", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3199" + }, + { + "name": "phpcc-login-file-include(28259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28259" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4173.json b/2006/4xxx/CVE-2006-4173.json index 838a8a9ce48..470f1174f5a 100644 --- a/2006/4xxx/CVE-2006-4173.json +++ b/2006/4xxx/CVE-2006-4173.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4402.json b/2006/4xxx/CVE-2006-4402.json index 27ce2f0e151..80e81407755 100644 --- a/2006/4xxx/CVE-2006-4402.json +++ b/2006/4xxx/CVE-2006-4402.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#258744", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/258744" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30735", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30735" - }, - { - "name" : "1017304", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017304" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - }, - { - "name" : "macos-finder-dsstore-bo(30617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "VU#258744", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/258744" + }, + { + "name": "1017304", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017304" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "macos-finder-dsstore-bo(30617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30617" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "30735", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30735" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4577.json b/2006/4xxx/CVE-2006-4577.json index b1eeac7f771..4b6f0fdbcf0 100644 --- a/2006/4xxx/CVE-2006-4577.json +++ b/2006/4xxx/CVE-2006-4577.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-76/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-76/advisory/" - }, - { - "name" : "21870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21870" - }, - { - "name" : "32564", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32564" - }, - { - "name" : "32565", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32565" - }, - { - "name" : "32566", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32566" - }, - { - "name" : "21694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21694" - }, - { - "name" : "theaddressbook-index-search-xss(31247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31247" - }, - { - "name" : "theaddressbook-multiple-scripts-xss(31240)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-76/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-76/advisory/" + }, + { + "name": "theaddressbook-multiple-scripts-xss(31240)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31240" + }, + { + "name": "32564", + "refsource": "OSVDB", + "url": "http://osvdb.org/32564" + }, + { + "name": "32565", + "refsource": "OSVDB", + "url": "http://osvdb.org/32565" + }, + { + "name": "theaddressbook-index-search-xss(31247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31247" + }, + { + "name": "32566", + "refsource": "OSVDB", + "url": "http://osvdb.org/32566" + }, + { + "name": "21870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21870" + }, + { + "name": "21694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21694" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4948.json b/2006/4xxx/CVE-2006-4948.json index 9a5369c5971..55b336cb4a5 100644 --- a/2006/4xxx/CVE-2006-4948.json +++ b/2006/4xxx/CVE-2006-4948.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20131" - }, - { - "name" : "ADV-2006-3731", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3731" - }, - { - "name" : "29032", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29032" - }, - { - "name" : "21854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21854" - }, - { - "name" : "tftpdwin-pathname-bo(29075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tftpdwin-pathname-bo(29075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29075" + }, + { + "name": "29032", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29032" + }, + { + "name": "20131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20131" + }, + { + "name": "ADV-2006-3731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3731" + }, + { + "name": "21854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21854" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2211.json b/2010/2xxx/CVE-2010-2211.json index 9431dc1e601..047e4a5dd5a 100644 --- a/2010/2xxx/CVE-2010-2211.json +++ b/2010/2xxx/CVE-2010-2211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" - }, - { - "name" : "41243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41243" - }, - { - "name" : "oval:org.mitre.oval:def:6930", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6930" - }, - { - "name" : "1024159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024159" - }, - { - "name" : "ADV-2010-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1636" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html" + }, + { + "name": "1024159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024159" + }, + { + "name": "41243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41243" + }, + { + "name": "oval:org.mitre.oval:def:6930", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6930" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2468.json b/2010/2xxx/CVE-2010-2468.json index 182497ff930..17051d72173 100644 --- a/2010/2xxx/CVE-2010-2468.json +++ b/2010/2xxx/CVE-2010-2468.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blip.tv/file/3414004", - "refsource" : "MISC", - "url" : "http://blip.tv/file/3414004" - }, - { - "name" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" - }, - { - "name" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", - "refsource" : "MISC", - "url" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" - }, - { - "name" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", - "refsource" : "MISC", - "url" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" - }, - { - "name" : "netbox-admin-password-info-disclosure(59827)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" + }, + { + "name": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", + "refsource": "MISC", + "url": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" + }, + { + "name": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", + "refsource": "MISC", + "url": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" + }, + { + "name": "netbox-admin-password-info-disclosure(59827)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59827" + }, + { + "name": "http://blip.tv/file/3414004", + "refsource": "MISC", + "url": "http://blip.tv/file/3414004" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2571.json b/2010/2xxx/CVE-2010-2571.json index bf2d7bebb5f..f17cf9a9203 100644 --- a/2010/2xxx/CVE-2010-2571.json +++ b/2010/2xxx/CVE-2010-2571.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka \"Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-103", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103" - }, - { - "name" : "TA10-348A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12298", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12298" - }, - { - "name" : "1024885", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka \"Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-348A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" + }, + { + "name": "MS10-103", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103" + }, + { + "name": "1024885", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024885" + }, + { + "name": "oval:org.mitre.oval:def:12298", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12298" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2958.json b/2010/2xxx/CVE-2010-2958.json index ee167be1c56..05663526e21 100644 --- a/2010/2xxx/CVE-2010-2958.json +++ b/2010/2xxx/CVE-2010-2958.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100901 CVE Request -- phpMyAdmin - v3.6.6 -- XSS attack using debugging messages (CVE-2010-3056 discussion)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/01/2" - }, - { - "name" : "[oss-security] 20100901 Re: CVE Request -- phpMyAdmin - v3.6.6 -- XSS attack using debugging messages (CVE-2010-3056 discussion)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/01/3" - }, - { - "name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=133a77fac7d31a38703db2099a90c1b49de62e37", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=133a77fac7d31a38703db2099a90c1b49de62e37" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php" - }, - { - "name" : "41206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41206" - }, - { - "name" : "ADV-2010-2242", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41206" + }, + { + "name": "[oss-security] 20100901 CVE Request -- phpMyAdmin - v3.6.6 -- XSS attack using debugging messages (CVE-2010-3056 discussion)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/01/2" + }, + { + "name": "[oss-security] 20100901 Re: CVE Request -- phpMyAdmin - v3.6.6 -- XSS attack using debugging messages (CVE-2010-3056 discussion)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/01/3" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php" + }, + { + "name": "ADV-2010-2242", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2242" + }, + { + "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=133a77fac7d31a38703db2099a90c1b49de62e37", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=133a77fac7d31a38703db2099a90c1b49de62e37" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3108.json b/2010/3xxx/CVE-2010-3108.json index 5c7fd85e95e..3dfc3996d67 100644 --- a/2010/3xxx/CVE-2010-3108.json +++ b/2010/3xxx/CVE-2010-3108.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-139/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-139/" - }, - { - "name" : "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=ftwZBxEFjIg~" - }, - { - "name" : "oval:org.mitre.oval:def:11915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-139/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-139/" + }, + { + "name": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~" + }, + { + "name": "oval:org.mitre.oval:def:11915", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11915" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3168.json b/2010/3xxx/CVE-2010-3168.json index 410e7eede02..45138e6a455 100644 --- a/2010/3xxx/CVE-2010-3168.json +++ b/2010/3xxx/CVE-2010-3168.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=576075", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=576075" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100110210", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100110210" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100112690", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100112690" - }, - { - "name" : "DSA-2106", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2106" - }, - { - "name" : "FEDORA-2010-14362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" - }, - { - "name" : "MDVSA-2010:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" - }, - { - "name" : "SUSE-SA:2010:049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" - }, - { - "name" : "43108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43108" - }, - { - "name" : "oval:org.mitre.oval:def:12001", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2010-2323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2323" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - }, - { - "name" : "firefox-xultree-objects-code-exec(61653)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12001", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001" + }, + { + "name": "SUSE-SA:2010:049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "FEDORA-2010-14362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100110210", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100110210" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100112690", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100112690" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "firefox-xultree-objects-code-exec(61653)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61653" + }, + { + "name": "43108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43108" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-55.html" + }, + { + "name": "MDVSA-2010:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173" + }, + { + "name": "ADV-2010-2323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2323" + }, + { + "name": "DSA-2106", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2106" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=576075", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=576075" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3307.json b/2010/3xxx/CVE-2010-3307.json index e8cc1a2527f..c2d39e42f25 100644 --- a/2010/3xxx/CVE-2010-3307.json +++ b/2010/3xxx/CVE-2010-3307.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100917 Re: [oCERT-2010-003] Free Simple CMS path sanitization errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/17/11" - }, - { - "name" : "[oss-security] 20100917 [oCERT-2010-003] Free Simple CMS path sanitization errors", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/17/4" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2010-003.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2010-003.html" - }, - { - "name" : "41001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menu_left, or (5) menu_right parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100917 Re: [oCERT-2010-003] Free Simple CMS path sanitization errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/17/11" + }, + { + "name": "41001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41001" + }, + { + "name": "[oss-security] 20100917 [oCERT-2010-003] Free Simple CMS path sanitization errors", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/17/4" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2010-003.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2010-003.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3363.json b/2010/3xxx/CVE-2010-3363.json index 7f5bc36668e..27a078e1aac 100644 --- a/2010/3xxx/CVE-2010-3363.json +++ b/2010/3xxx/CVE-2010-3363.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598295", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598295", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598295" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4365.json b/2010/4xxx/CVE-2010-4365.json index 73a84b8ecd7..c964284880f 100644 --- a/2010/4xxx/CVE-2010-4365.json +++ b/2010/4xxx/CVE-2010-4365.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15610", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15610" - }, - { - "name" : "http://packetstormsecurity.org/files/view/96125/joomlaajax-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/96125/joomlaajax-sql.txt" - }, - { - "name" : "45050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45050" - }, - { - "name" : "39836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15610", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15610" + }, + { + "name": "39836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39836" + }, + { + "name": "http://packetstormsecurity.org/files/view/96125/joomlaajax-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/96125/joomlaajax-sql.txt" + }, + { + "name": "45050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45050" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4398.json b/2010/4xxx/CVE-2010-4398.json index 41d670d2184..dfd44846111 100644 --- a/2010/4xxx/CVE-2010-4398.json +++ b/2010/4xxx/CVE-2010-4398.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka \"Driver Improper Interaction with Windows Kernel Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15609", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15609/" - }, - { - "name" : "http://isc.sans.edu/diary.html?storyid=9988", - "refsource" : "MISC", - "url" : "http://isc.sans.edu/diary.html?storyid=9988" - }, - { - "name" : "http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/", - "refsource" : "MISC", - "url" : "http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/" - }, - { - "name" : "http://twitter.com/msftsecresponse/statuses/7590788200402945", - "refsource" : "MISC", - "url" : "http://twitter.com/msftsecresponse/statuses/7590788200402945" - }, - { - "name" : "http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/", - "refsource" : "MISC", - "url" : "http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100127248", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100127248" - }, - { - "name" : "MS11-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011" - }, - { - "name" : "VU#529673", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/529673" - }, - { - "name" : "45045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45045" - }, - { - "name" : "oval:org.mitre.oval:def:12162", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162" - }, - { - "name" : "1025046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025046" - }, - { - "name" : "42356", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42356" - }, - { - "name" : "ADV-2011-0324", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka \"Driver Improper Interaction with Windows Kernel Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://isc.sans.edu/diary.html?storyid=9988", + "refsource": "MISC", + "url": "http://isc.sans.edu/diary.html?storyid=9988" + }, + { + "name": "45045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45045" + }, + { + "name": "15609", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15609/" + }, + { + "name": "http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/", + "refsource": "MISC", + "url": "http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100127248", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100127248" + }, + { + "name": "ADV-2011-0324", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0324" + }, + { + "name": "http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/", + "refsource": "MISC", + "url": "http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/" + }, + { + "name": "http://twitter.com/msftsecresponse/statuses/7590788200402945", + "refsource": "MISC", + "url": "http://twitter.com/msftsecresponse/statuses/7590788200402945" + }, + { + "name": "MS11-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-011" + }, + { + "name": "1025046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025046" + }, + { + "name": "VU#529673", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/529673" + }, + { + "name": "42356", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42356" + }, + { + "name": "oval:org.mitre.oval:def:12162", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12162" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4412.json b/2010/4xxx/CVE-2010-4412.json index fa4e9766ec1..0968678b6e9 100644 --- a/2010/4xxx/CVE-2010-4412.json +++ b/2010/4xxx/CVE-2010-4412.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101106 pfsense xss issues.", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Nov/43" - }, - { - "name" : "[oss-security] 20101123 Can I request a cve for pfsense regarding --> \"pfSense \"graph.php\" Cross-Site Scripting Vulnerabilities\"", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/22/18" - }, - { - "name" : "[oss-security] 20101124 Re: Can I request a cve for pfsense regarding --> \"pfSense \"graph.php\" Cross-Site Scripting Vulnerabilities\"", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/11/24/7" - }, - { - "name" : "[oss-security] 20101206 Re: Can I request a cve for pfsense regarding --> \"pfSense \"graph.php\" Cross-Site Scripting Vulnerabilities\"", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/06/7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkg_edit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) status_graph.php or (4) interfaces.php, a different vulnerability than CVE-2008-1182 and CVE-2010-4246." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101123 Can I request a cve for pfsense regarding --> \"pfSense \"graph.php\" Cross-Site Scripting Vulnerabilities\"", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/22/18" + }, + { + "name": "[oss-security] 20101124 Re: Can I request a cve for pfsense regarding --> \"pfSense \"graph.php\" Cross-Site Scripting Vulnerabilities\"", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/11/24/7" + }, + { + "name": "[oss-security] 20101206 Re: Can I request a cve for pfsense regarding --> \"pfSense \"graph.php\" Cross-Site Scripting Vulnerabilities\"", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/06/7" + }, + { + "name": "20101106 pfsense xss issues.", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Nov/43" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4751.json b/2010/4xxx/CVE-2010-4751.json index ee45504cffc..ff5edf00ea0 100644 --- a/2010/4xxx/CVE-2010-4751.json +++ b/2010/4xxx/CVE-2010-4751.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/168/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/168/45/" - }, - { - "name" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", - "refsource" : "CONFIRM", - "url" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" - }, - { - "name" : "45230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45230" - }, - { - "name" : "42391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42391" - }, - { - "name" : "lightneasy-id-sql-injection(63723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://holisticinfosec.org/content/view/168/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/168/45/" + }, + { + "name": "lightneasy-id-sql-injection(63723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63723" + }, + { + "name": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", + "refsource": "CONFIRM", + "url": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" + }, + { + "name": "45230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45230" + }, + { + "name": "42391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42391" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1073.json b/2011/1xxx/CVE-2011-1073.json index 7258059e8c1..d8471a1c8ac 100644 --- a/2011/1xxx/CVE-2011-1073.json +++ b/2011/1xxx/CVE-2011-1073.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110228 FreeBSD crontab information leakage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516716/100/0/threaded" - }, - { - "name" : "20110228 FreeBSD crontab information leakage", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=129891323028897&w=2" - }, - { - "name" : "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/28/6" - }, - { - "name" : "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/28/14" - }, - { - "name" : "46604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46604" - }, - { - "name" : "8117", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8117" - }, - { - "name" : "freebsd-realpath-info-disc(65899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freebsd-realpath-info-disc(65899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65899" + }, + { + "name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/28/14" + }, + { + "name": "46604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46604" + }, + { + "name": "8117", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8117" + }, + { + "name": "20110228 FreeBSD crontab information leakage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded" + }, + { + "name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/28/6" + }, + { + "name": "20110228 FreeBSD crontab information leakage", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=129891323028897&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1656.json b/2011/1xxx/CVE-2011-1656.json index d134b0c23ae..15c5c7cc475 100644 --- a/2011/1xxx/CVE-2011-1656.json +++ b/2011/1xxx/CVE-2011-1656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1765.json b/2011/1xxx/CVE-2011-1765.json index 191b7f15d82..40e3c9c4661 100644 --- a/2011/1xxx/CVE-2011-1765.json +++ b/2011/1xxx/CVE-2011-1765.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=702512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=702512" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534" - }, - { - "name" : "FEDORA-2011-6774", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html" - }, - { - "name" : "FEDORA-2011-6775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html" - }, - { - "name" : "FEDORA-2011-6781", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html" - }, - { - "name" : "47722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47722" - }, - { - "name" : "44684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-6774", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=702512", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512" + }, + { + "name": "44684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44684" + }, + { + "name": "47722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47722" + }, + { + "name": "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28534" + }, + { + "name": "FEDORA-2011-6781", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html" + }, + { + "name": "FEDORA-2011-6775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5052.json b/2011/5xxx/CVE-2011-5052.json index 0edfc2851b6..9d43932208b 100644 --- a/2011/5xxx/CVE-2011-5052.json +++ b/2011/5xxx/CVE-2011-5052.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18283", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18283" - }, - { - "name" : "78043", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78043" - }, - { - "name" : "47343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47343" - }, - { - "name" : "cocsoftstreamdown-response-bo(72009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18283", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18283" + }, + { + "name": "47343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47343" + }, + { + "name": "78043", + "refsource": "OSVDB", + "url": "http://osvdb.org/78043" + }, + { + "name": "cocsoftstreamdown-response-bo(72009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72009" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5105.json b/2011/5xxx/CVE-2011-5105.json index 795cdd0bd79..a3ba7b1c76d 100644 --- a/2011/5xxx/CVE-2011-5105.json +++ b/2011/5xxx/CVE-2011-5105.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520562/100/0/threaded" - }, - { - "name" : "http://jameswebb.me/vulns/vrpth-2011-001.txt", - "refsource" : "MISC", - "url" : "http://jameswebb.me/vulns/vrpth-2011-001.txt" - }, - { - "name" : "50717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50717" - }, - { - "name" : "manageengine-adselfservice-xss(71395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jameswebb.me/vulns/vrpth-2011-001.txt", + "refsource": "MISC", + "url": "http://jameswebb.me/vulns/vrpth-2011-001.txt" + }, + { + "name": "20111117 Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520562/100/0/threaded" + }, + { + "name": "manageengine-adselfservice-xss(71395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71395" + }, + { + "name": "50717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50717" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3658.json b/2014/3xxx/CVE-2014-3658.json index ef96b366c68..0863e61387c 100644 --- a/2014/3xxx/CVE-2014-3658.json +++ b/2014/3xxx/CVE-2014-3658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3658", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3658", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3774.json b/2014/3xxx/CVE-2014-3774.json index 819148736b1..0cfd618d483 100644 --- a/2014/3xxx/CVE-2014-3774.json +++ b/2014/3xxx/CVE-2014-3774.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/18/2" - }, - { - "name" : "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/19/5" - }, - { - "name" : "http://teampass.net/installation/2.1.20-released.html", - "refsource" : "CONFIRM", - "url" : "http://teampass.net/installation/2.1.20-released.html" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de", - "refsource" : "CONFIRM", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f", - "refsource" : "CONFIRM", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de", + "refsource": "CONFIRM", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f", + "refsource": "CONFIRM", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f" + }, + { + "name": "http://teampass.net/installation/2.1.20-released.html", + "refsource": "CONFIRM", + "url": "http://teampass.net/installation/2.1.20-released.html" + }, + { + "name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3856.json b/2014/3xxx/CVE-2014-3856.json index 8bcc3e9bd2c..9d1dd80a1ac 100644 --- a/2014/3xxx/CVE-2014-3856.json +++ b/2014/3xxx/CVE-2014-3856.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3856", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3856", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7358.json b/2014/7xxx/CVE-2014-7358.json index d4cafe83e15..00ad22ca6bf 100644 --- a/2014/7xxx/CVE-2014-7358.json +++ b/2014/7xxx/CVE-2014-7358.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#469857", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/469857" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#469857", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/469857" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7442.json b/2014/7xxx/CVE-2014-7442.json index ecd4845f2fd..7c8a92e28ab 100644 --- a/2014/7xxx/CVE-2014-7442.json +++ b/2014/7xxx/CVE-2014-7442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7442", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7442", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7918.json b/2014/7xxx/CVE-2014-7918.json index 80a7fa50866..19412d2144d 100644 --- a/2014/7xxx/CVE-2014-7918.json +++ b/2014/7xxx/CVE-2014-7918.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8239.json b/2014/8xxx/CVE-2014-8239.json index 98bbae45fa5..5a21ed3ba22 100644 --- a/2014/8xxx/CVE-2014-8239.json +++ b/2014/8xxx/CVE-2014-8239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8239", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8239", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8379.json b/2014/8xxx/CVE-2014-8379.json index 566585aa205..dd4524e80eb 100644 --- a/2014/8xxx/CVE-2014-8379.json +++ b/2014/8xxx/CVE-2014-8379.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/node/2324813", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2324813" - }, - { - "name" : "https://www.drupal.org/node/2324777", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2324777" - }, - { - "name" : "69340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69340" - }, - { - "name" : "60734", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2324813", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2324813" + }, + { + "name": "60734", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60734" + }, + { + "name": "https://www.drupal.org/node/2324777", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2324777" + }, + { + "name": "69340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69340" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8509.json b/2014/8xxx/CVE-2014-8509.json index d24e761ed6b..6dc9dd40667 100644 --- a/2014/8xxx/CVE-2014-8509.json +++ b/2014/8xxx/CVE-2014-8509.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to \"Improper Indexing.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-370/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-370/" - }, - { - "name" : "https://github.com/bittorrent/bootstrap-dht/commit/bbc0b7191e3f48461ca6e5b1b34bdf4b3f1e79a9", - "refsource" : "CONFIRM", - "url" : "https://github.com/bittorrent/bootstrap-dht/commit/bbc0b7191e3f48461ca6e5b1b34bdf4b3f1e79a9" - }, - { - "name" : "70812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to \"Improper Indexing.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-370/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-370/" + }, + { + "name": "https://github.com/bittorrent/bootstrap-dht/commit/bbc0b7191e3f48461ca6e5b1b34bdf4b3f1e79a9", + "refsource": "CONFIRM", + "url": "https://github.com/bittorrent/bootstrap-dht/commit/bbc0b7191e3f48461ca6e5b1b34bdf4b3f1e79a9" + }, + { + "name": "70812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70812" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8900.json b/2014/8xxx/CVE-2014-8900.json index 02a5e67899f..d7bc8fb6d0a 100644 --- a/2014/8xxx/CVE-2014-8900.json +++ b/2014/8xxx/CVE-2014-8900.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-8900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695293", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21695293" - }, - { - "name" : "72900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293" + }, + { + "name": "72900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72900" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9048.json b/2014/9xxx/CVE-2014-9048.json index a82a5cf4894..3f3d23cfff6 100644 --- a/2014/9xxx/CVE-2014-9048.json +++ b/2014/9xxx/CVE-2014-9048.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-024", - "refsource" : "CONFIRM", - "url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024", + "refsource": "CONFIRM", + "url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-024" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9213.json b/2014/9xxx/CVE-2014-9213.json index b95e0646e51..adbf566cae0 100644 --- a/2014/9xxx/CVE-2014-9213.json +++ b/2014/9xxx/CVE-2014-9213.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9213", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9213", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9745.json b/2014/9xxx/CVE-2014-9745.json index 0b3f232b11f..057f82f8372 100644 --- a/2014/9xxx/CVE-2014-9745.json +++ b/2014/9xxx/CVE-2014-9745.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75" - }, - { - "name" : "http://savannah.nongnu.org/bugs/index.php?41590", - "refsource" : "CONFIRM", - "url" : "http://savannah.nongnu.org/bugs/index.php?41590" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=459050", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=459050" - }, - { - "name" : "DSA-3370", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3370" - }, - { - "name" : "openSUSE-SU-2015:1704", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html" - }, - { - "name" : "USN-2739-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2739-1" - }, - { - "name" : "76727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76727" - }, - { - "name" : "1033536", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2739-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2739-1" + }, + { + "name": "openSUSE-SU-2015:1704", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75" + }, + { + "name": "76727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76727" + }, + { + "name": "http://savannah.nongnu.org/bugs/index.php?41590", + "refsource": "CONFIRM", + "url": "http://savannah.nongnu.org/bugs/index.php?41590" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=459050", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=459050" + }, + { + "name": "DSA-3370", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3370" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124" + }, + { + "name": "1033536", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033536" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9949.json b/2014/9xxx/CVE-2014-9949.json index e32109f093a..f8f39cc2090 100644 --- a/2014/9xxx/CVE-2014-9949.json +++ b/2014/9xxx/CVE-2014-9949.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2014-9949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted Pointer Dereference Vulnerability in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted Pointer Dereference Vulnerability in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98250" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2005.json b/2016/2xxx/CVE-2016-2005.json index 323b7cfb7ac..343bf48bd97 100644 --- a/2016/2xxx/CVE-2016-2005.json +++ b/2016/2xxx/CVE-2016-2005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-245", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-245" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988" - }, - { - "name" : "1035631", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-245", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-245" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988" + }, + { + "name": "1035631", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035631" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2329.json b/2016/2xxx/CVE-2016-2329.json index 86e01fc1a6c..f97cfd6fb44 100644 --- a/2016/2xxx/CVE-2016-2329.json +++ b/2016/2xxx/CVE-2016-2329.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd" - }, - { - "name" : "GLSA-201606-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201606-09" - }, - { - "name" : "openSUSE-SU-2016:0528", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00129.html" - }, - { - "name" : "84212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84212" - }, - { - "name" : "1035010", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1035010", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035010" + }, + { + "name": "openSUSE-SU-2016:0528", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00129.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd" + }, + { + "name": "84212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84212" + }, + { + "name": "GLSA-201606-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201606-09" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2453.json b/2016/2xxx/CVE-2016-2453.json index 4e784128fb8..746ed20e21c 100644 --- a/2016/2xxx/CVE-2016-2453.json +++ b/2016/2xxx/CVE-2016-2453.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2624.json b/2016/2xxx/CVE-2016-2624.json index f1841ec86c5..dd2a67a4526 100644 --- a/2016/2xxx/CVE-2016-2624.json +++ b/2016/2xxx/CVE-2016-2624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2624", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2624", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2980.json b/2016/2xxx/CVE-2016-2980.json index b3f13dba690..51a4f8327c7 100644 --- a/2016/2xxx/CVE-2016-2980.json +++ b/2016/2xxx/CVE-2016-2980.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2016-2980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2016-2980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113993", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113993" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006447", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006447" - }, - { - "name" : "100531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100531" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113993", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113993" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006447", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006447" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6019.json b/2016/6xxx/CVE-2016-6019.json index 99624ab7544..5b207f7f6c9 100644 --- a/2016/6xxx/CVE-2016-6019.json +++ b/2016/6xxx/CVE-2016-6019.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2016-6019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Strategic Supply Management", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0.0" - }, - { - "version_value" : "10.0.1.0" - }, - { - "version_value" : "10.0.2.0" - }, - { - "version_value" : "10.0.4.0" - }, - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2016-6019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Strategic Supply Management", + "version": { + "version_data": [ + { + "version_value": "10.0.0.0" + }, + { + "version_value": "10.0.1.0" + }, + { + "version_value": "10.0.2.0" + }, + { + "version_value": "10.0.4.0" + }, + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/116739", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/116739" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005839", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005839" - }, - { - "name" : "99589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116739", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116739" + }, + { + "name": "99589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99589" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005839", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005839" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6136.json b/2016/6xxx/CVE-2016-6136.json index 741d3601e0b..ec72075bbdd 100644 --- a/2016/6xxx/CVE-2016-6136.json +++ b/2016/6xxx/CVE-2016-6136.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/538835/30/0/threaded" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=120681", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=120681" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353533", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353533" - }, - { - "name" : "https://github.com/linux-audit/audit-kernel/issues/18", - "refsource" : "CONFIRM", - "url" : "https://github.com/linux-audit/audit-kernel/issues/18" - }, - { - "name" : "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c" - }, - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "RHSA-2016:2584", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html" - }, - { - "name" : "RHSA-2017:0307", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0307.html" - }, - { - "name" : "91558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91558" + }, + { + "name": "https://github.com/linux-audit/audit-kernel/issues/18", + "refsource": "CONFIRM", + "url": "https://github.com/linux-audit/audit-kernel/issues/18" + }, + { + "name": "RHSA-2016:2584", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=120681", + "refsource": "CONFIRM", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120681" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353533", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353533" + }, + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/538835/30/0/threaded" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c" + }, + { + "name": "RHSA-2017:0307", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6325.json b/2016/6xxx/CVE-2016-6325.json index feb21099e66..da9a04cad2e 100644 --- a/2016/6xxx/CVE-2016-6325.json +++ b/2016/6xxx/CVE-2016-6325.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-6325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-6325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367447", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367447" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" - }, - { - "name" : "RHSA-2016:2045", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2045.html" - }, - { - "name" : "RHSA-2016:2046", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2046.html" - }, - { - "name" : "RHSA-2017:0455", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0455" - }, - { - "name" : "RHSA-2017:0456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0456" - }, - { - "name" : "RHSA-2017:0457", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html" - }, - { - "name" : "93478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93478" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "name": "RHSA-2016:2045", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html" + }, + { + "name": "RHSA-2016:2046", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html" + }, + { + "name": "RHSA-2017:0457", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html" + }, + { + "name": "RHSA-2017:0455", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0455" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447" + }, + { + "name": "RHSA-2017:0456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0456" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6694.json b/2016/6xxx/CVE-2016-6694.json index 787a1515235..0bbabea9e35 100644 --- a/2016/6xxx/CVE-2016-6694.json +++ b/2016/6xxx/CVE-2016-6694.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-10-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-10-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=961e38553aae8ba9b1af77c7a49acfbb7b0b6f62", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=961e38553aae8ba9b1af77c7a49acfbb7b0b6f62" - }, - { - "name" : "93330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93330" + }, + { + "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=961e38553aae8ba9b1af77c7a49acfbb7b0b6f62", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=961e38553aae8ba9b1af77c7a49acfbb7b0b6f62" + }, + { + "name": "http://source.android.com/security/bulletin/2016-10-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-10-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5575.json b/2017/5xxx/CVE-2017-5575.json index 8c5698b4382..f0a215a5af9 100644 --- a/2017/5xxx/CVE-2017-5575.json +++ b/2017/5xxx/CVE-2017-5575.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/68", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/68" - }, - { - "name" : "https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0" - }, - { - "name" : "95703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/68", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/68" + }, + { + "name": "95703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95703" + }, + { + "name": "https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5772.json b/2017/5xxx/CVE-2017-5772.json index 6495e8a3758..c3fb10e1b3e 100644 --- a/2017/5xxx/CVE-2017-5772.json +++ b/2017/5xxx/CVE-2017-5772.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5772", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5772", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5858.json b/2017/5xxx/CVE-2017-5858.json index e74e26cc67c..c37e18c3c6a 100644 --- a/2017/5xxx/CVE-2017-5858.json +++ b/2017/5xxx/CVE-2017-5858.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/02/09/29", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/02/09/29" - }, - { - "name" : "https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572", - "refsource" : "MISC", - "url" : "https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572" - }, - { - "name" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" - }, - { - "name" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" - }, - { - "name" : "96183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572", + "refsource": "MISC", + "url": "https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/02/09/29", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/02/09/29" + }, + { + "name": "96183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96183" + }, + { + "name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", + "refsource": "MISC", + "url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" + }, + { + "name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", + "refsource": "MISC", + "url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" + } + ] + } +} \ No newline at end of file