diff --git a/2006/0xxx/CVE-2006-0069.json b/2006/0xxx/CVE-2006-0069.json index de255ebd70d..79cebb946f8 100644 --- a/2006/0xxx/CVE-2006-0069.json +++ b/2006/0xxx/CVE-2006-0069.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420667/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/4/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/4/summary.html" - }, - { - "name" : "16112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16112" - }, - { - "name" : "19087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19087" - }, - { - "name" : "18270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420667/100/0/threaded" + }, + { + "name": "16112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16112" + }, + { + "name": "18270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18270" + }, + { + "name": "19087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19087" + }, + { + "name": "http://evuln.com/vulns/4/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/4/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0381.json b/2006/0xxx/CVE-2006-0381.json index e6fa30e9c6b..db950cb62dd 100644 --- a/2006/0xxx/CVE-2006-0381.json +++ b/2006/0xxx/CVE-2006-0381.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2006-0381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-06:07", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc" - }, - { - "name" : "NetBSD-SA2006-004", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc" - }, - { - "name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104" - }, - { - "name" : "16375", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/16375" - }, - { - "name" : "22732", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22732" - }, - { - "name" : "1015542", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015542" - }, - { - "name" : "18609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18609" - }, - { - "name" : "bsd-pf-fragment-dos(24337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16375" + }, + { + "name": "1015542", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015542" + }, + { + "name": "18609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18609" + }, + { + "name": "bsd-pf-fragment-dos(24337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337" + }, + { + "name": "FreeBSD-SA-06:07", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc" + }, + { + "name": "22732", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22732" + }, + { + "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104", + "refsource": "CONFIRM", + "url": 
"http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104" + }, + { + "name": "NetBSD-SA2006-004", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0734.json b/2006/0xxx/CVE-2006-0734.json index 25dfb8de3e3..91a47f14176 100644 --- a/2006/0xxx/CVE-2006-0734.json +++ b/2006/0xxx/CVE-2006-0734.json 
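Review bot: The `CVE_data_meta.ASSIGNER` value for CVE-2006-0381 changes from `cve@mitre.org` to `secteam@freebsd.org` in this hunk, while every other visible change in the diff is colon spacing, indentation and reference order. An assigner change alters the record's provenance, and consumers that attribute or filter records by assigning CNA will get different results, so it should not be buried in a formatting pass. I would move `"ASSIGNER": "secteam@freebsd.org"` into its own commit, or at least name it in the commit message (not visible here), so it can be audited separately from the whitespace churn. The same hunk reorders all eight `reference_data` entries with no evident sort key; if that is only tool output order, a stable sort (for example by `refsource`, then `name`) would keep later diffs of these records reviewable.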
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/csdos.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/csdos.txt" - }, - { - "name" : "16619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16619" - }, - { - "name" : "halflife-svcheckforduplicatenames-dos(33505)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated 
Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16619" + }, + { + "name": "halflife-svcheckforduplicatenames-dos(33505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33505" + }, + { + "name": "http://aluigi.altervista.org/adv/csdos.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/csdos.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0996.json b/2006/0xxx/CVE-2006-0996.json index 11167b9e021..3f3b8e2ef42 100644 --- a/2006/0xxx/CVE-2006-0996.json +++ b/2006/0xxx/CVE-2006-0996.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/34" - }, - { - "name" : "[php-cvs] 20060330 cvs: php-src /ext/standard info.c", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=php-cvs&m=114374620416389&w=2" - }, - { - "name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c", - "refsource" : "CONFIRM", - "url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c" - }, - { - "name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261", - "refsource" : "CONFIRM", - "url" : 
"http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm" - }, - { - "name" : "http://www.php.net/ChangeLog-4.php#4.4.3", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-4.php#4.4.3" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm" - }, - { - "name" : "GLSA-200605-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200605-08.xml" - }, - { - "name" : "MDKSA-2006:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074" - }, - { - "name" : "RHSA-2006:0276", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0276.html" - }, - { - "name" : "RHSA-2006:0501", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0501.html" - }, - { - "name" : "RHSA-2006:0549", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0549.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:024", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/05-05-2006.html" - }, - { - "name" : "USN-320-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-320-1" - }, - { - "name" : "17362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17362" - }, - { - "name" : "oval:org.mitre.oval:def:10997", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997" - }, - { - "name" : "ADV-2006-1290", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1290" - }, - { - "name" : "ADV-2006-2685", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2685" - }, - { - "name" : "24484", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24484" - }, - { - "name" : "1015879", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015879" - }, - { - "name" : "19599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19599" - }, - { - "name" : "19832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19832" - }, - { - "name" : "20222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20222" - }, - { - "name" : "20951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20951" - }, - { - "name" : "21252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21252" - }, - { - "name" : "21564", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21564" - }, - { - "name" : "19775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19775" - }, - { - "name" : "19979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19979" - }, - { - "name" : "20052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20052" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "21125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21125" - }, - { - "name" : "675", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/675" - }, - { - "name" : "php-phpinfo-long-array-xss(25702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "675", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/675" + }, + { + "name": "19775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19775" + }, + { + "name": "21252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21252" + }, + { + "name": "24484", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24484" + }, + { + "name": "20222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20222" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "http://www.php.net/ChangeLog-4.php#4.4.3", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-4.php#4.4.3" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm" + }, + { + "name": "17362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17362" + }, + { + "name": "RHSA-2006:0276", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html" + }, + { + "name": "GLSA-200605-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200605-08.xml" + }, + { + "name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261" + }, + { + "name": "ADV-2006-1290", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/1290" + }, + { + "name": "USN-320-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-320-1" + }, + { + "name": "RHSA-2006:0501", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html" + }, + { + "name": "1015879", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015879" + }, + { + "name": "20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/34" + }, + { + "name": "19979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19979" + }, + { + "name": "RHSA-2006:0549", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html" + }, + { + "name": "20951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20951" + }, + { + "name": "21125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21125" + }, + { + "name": "oval:org.mitre.oval:def:10997", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm" + }, + { + "name": "19599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19599" + }, + { + "name": "MDKSA-2006:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074" + }, + { + "name": "19832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19832" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c", + "refsource": "CONFIRM", + "url": 
"http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c" + }, + { + "name": "20052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20052" + }, + { + "name": "21564", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21564" + }, + { + "name": "php-phpinfo-long-array-xss(25702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25702" + }, + { + "name": "ADV-2006-2685", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2685" + }, + { + "name": "SUSE-SA:2006:024", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/05-05-2006.html" + }, + { + "name": "[php-cvs] 20060330 cvs: php-src /ext/standard info.c", + "refsource": "MLIST", + "url": "http://marc.info/?l=php-cvs&m=114374620416389&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1207.json b/2006/1xxx/CVE-2006-1207.json index 540ce02d602..c0c860147b8 100644 --- a/2006/1xxx/CVE-2006-1207.json +++ b/2006/1xxx/CVE-2006-1207.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 PHP Upload Center Download users password hashes And phpshell Upload", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427215/100/0/threaded" - }, - { - "name" : "http://biyosecurity.be/bugs/phpuploadcenter2.txt", - "refsource" : "MISC", - "url" : "http://biyosecurity.be/bugs/phpuploadcenter2.txt" - }, - { - "name" : "http://www.blogcu.com/Liz0ziM/317250/", - "refsource" : "MISC", - "url" : "http://www.blogcu.com/Liz0ziM/317250/" - }, - { - "name" : "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html", - "refsource" : "MISC", - "url" : "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html" - }, - { - "name" : "23627", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.blogcu.com/Liz0ziM/317250/", + "refsource": "MISC", + "url": "http://www.blogcu.com/Liz0ziM/317250/" + }, + { + "name": "20060309 PHP Upload Center Download users password hashes And phpshell Upload", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427215/100/0/threaded" + }, + { + "name": "http://biyosecurity.be/bugs/phpuploadcenter2.txt", + "refsource": "MISC", + "url": "http://biyosecurity.be/bugs/phpuploadcenter2.txt" + }, + { + "name": "23627", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23627" + }, + { + "name": "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html", + "refsource": "MISC", + "url": "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1371.json b/2006/1xxx/CVE-2006-1371.json index d993f52c0e4..2075f0fb2ad 100644 --- a/2006/1xxx/CVE-2006-1371.json +++ b/2006/1xxx/CVE-2006-1371.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10", - "refsource" : "CONFIRM", - "url" : "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10" - }, - { - "name" : "20060324 XHP vendor ack/fix", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-March/000649.html" - }, - { - "name" : "1605", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1605" - }, - { - "name" : "17209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17209" - }, - { - "name" : "ADV-2006-1052", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1052" - }, - { - "name" : "24058", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24058" - }, - { - "name" : "24059", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24059" - }, - { - "name" : "19353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19353" - }, - { - "name" : "xhpcms-filemanager-file-upload(25399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19353" + }, + { + "name": "24058", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24058" + }, + { + "name": "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10", + "refsource": "CONFIRM", + "url": "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10" + }, + { + "name": "17209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17209" + }, + { + "name": "ADV-2006-1052", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1052" + }, + { + "name": "xhpcms-filemanager-file-upload(25399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25399" + }, + { + "name": "20060324 XHP vendor ack/fix", + "refsource": "VIM", + "url": 
"http://www.attrition.org/pipermail/vim/2006-March/000649.html" + }, + { + "name": "1605", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1605" + }, + { + "name": "24059", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24059" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1475.json b/2006/1xxx/CVE-2006-1475.json index cae7c023a35..badbfc7f15b 100644 --- a/2006/1xxx/CVE-2006-1475.json +++ b/2006/1xxx/CVE-2006-1475.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060324 Microsoft Windows XP SP2 Firewall issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428970/100/0/threaded" - }, - { - "name" : "20060327 Re: Microsoft Windows XP SP2 Firewall issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429111/100/0/threaded" - }, - { - "name" : "winxp-firewall-ads-bypass(25597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060324 Microsoft Windows XP SP2 Firewall issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428970/100/0/threaded" + }, + { + "name": "winxp-firewall-ads-bypass(25597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25597" + }, + { + "name": "20060327 Re: Microsoft Windows XP SP2 Firewall issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429111/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4360.json b/2006/4xxx/CVE-2006-4360.json index 28ebb732f68..a7ea371ed66 100644 --- a/2006/4xxx/CVE-2006-4360.json +++ b/2006/4xxx/CVE-2006-4360.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-4360",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the \"create products\" permission to inject arbitrary web script or HTML via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-4360",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://drupal.org/node/80084",
- "refsource" : "CONFIRM",
- "url" : "http://drupal.org/node/80084"
- },
- {
- "name" : "19675",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/19675"
- },
- {
- "name" : "ADV-2006-3364",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/3364"
- },
- {
- "name" : "21604",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21604"
- },
- {
- "name" : "ecommerce-unspecified-xss(28528)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28528"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the \"create products\" permission to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "21604",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21604"
+ },
+ {
+ "name": "http://drupal.org/node/80084",
+ "refsource": "CONFIRM",
+ "url": "http://drupal.org/node/80084"
+ },
+ {
+ "name": "ADV-2006-3364",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/3364"
+ },
+ {
+ "name": "19675",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/19675"
+ },
+ {
+ "name": "ecommerce-unspecified-xss(28528)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28528"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/4xxx/CVE-2006-4556.json b/2006/4xxx/CVE-2006-4556.json
index 54ab93f57dd..42e37ef3b0a 100644
--- a/2006/4xxx/CVE-2006-4556.json
+++ b/2006/4xxx/CVE-2006-4556.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-4556",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-4556",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060817 Joomla RFİ ( ERNE )",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/443674/100/100/threaded"
- },
- {
- "name" : "20060823 Re: Joomla RFİ ( ERNE )",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/444216/100/100/threaded"
- },
- {
- "name" : "28097",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/28097"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060823 Re: Joomla RFİ ( ERNE )",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/444216/100/100/threaded"
+ },
+ {
+ "name": "20060817 Joomla RFİ ( ERNE )",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/443674/100/100/threaded"
+ },
+ {
+ "name": "28097",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/28097"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/4xxx/CVE-2006-4845.json b/2006/4xxx/CVE-2006-4845.json
index 7cb4d73aef2..53949a3ecda 100644
--- a/2006/4xxx/CVE-2006-4845.json
+++ b/2006/4xxx/CVE-2006-4845.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-4845",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-4845",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "2368",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/2368"
- },
- {
- "name" : "20030",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/20030"
- },
- {
- "name" : "20036",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/20036"
- },
- {
- "name" : "ADV-2006-3630",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/3630"
- },
- {
- "name" : "21933",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21933"
- },
- {
- "name" : "teamcal-pro-footer-file-include(28956)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28956"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "teamcal-pro-footer-file-include(28956)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28956"
+ },
+ {
+ "name": "ADV-2006-3630",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/3630"
+ },
+ {
+ "name": "20036",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/20036"
+ },
+ {
+ "name": "2368",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/2368"
+ },
+ {
+ "name": "21933",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21933"
+ },
+ {
+ "name": "20030",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/20030"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5470.json b/2006/5xxx/CVE-2006-5470.json
index 657cab85c39..cbc20575f66 100644
--- a/2006/5xxx/CVE-2006-5470.json
+++ b/2006/5xxx/CVE-2006-5470.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5470",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5740. Reason: This candidate is a duplicate of CVE-2006-5740 due to a typo. Notes: All CVE users should reference CVE-2006-5740 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2006-5470",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5740. Reason: This candidate is a duplicate of CVE-2006-5740 due to a typo. Notes: All CVE users should reference CVE-2006-5740 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5550.json b/2006/5xxx/CVE-2006-5550.json
index a8d3bfc9e0b..1b2a4f426d4 100644
--- a/2006/5xxx/CVE-2006-5550.json
+++ b/2006/5xxx/CVE-2006-5550.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5550",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-5550",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html",
- "refsource" : "MISC",
- "url" : "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html"
- },
- {
- "name" : "20713",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/20713"
- },
- {
- "name" : "22543",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22543"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20713",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/20713"
+ },
+ {
+ "name": "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html",
+ "refsource": "MISC",
+ "url": "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html"
+ },
+ {
+ "name": "22543",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22543"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5822.json b/2006/5xxx/CVE-2006-5822.json
index 27f3f6b1768..8ff375f4af9 100644
--- a/2006/5xxx/CVE-2006-5822.json
+++ b/2006/5xxx/CVE-2006-5822.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5822",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-5822",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061213 ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/454314/100/0/threaded"
- },
- {
- "name" : "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html"
- },
- {
- "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html",
- "refsource" : "MISC",
- "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html"
- },
- {
- "name" : "VU#650432",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/650432"
- },
- {
- "name" : "21565",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/21565"
- },
- {
- "name" : "ADV-2006-4999",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/4999"
- },
- {
- "name" : "1017379",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1017379"
- },
- {
- "name" : "23368",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/23368"
- },
- {
- "name" : "netbackup-connect-options-bo(30883)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30883"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html",
+ "refsource": "MISC",
+ "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html"
+ },
+ {
+ "name": "20061213 ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/454314/100/0/threaded"
+ },
+ {
+ "name": "23368",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/23368"
+ },
+ {
+ "name": "netbackup-connect-options-bo(30883)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30883"
+ },
+ {
+ "name": "1017379",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1017379"
+ },
+ {
+ "name": "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html"
+ },
+ {
+ "name": "21565",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/21565"
+ },
+ {
+ "name": "VU#650432",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/650432"
+ },
+ {
+ "name": "ADV-2006-4999",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/4999"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/5xxx/CVE-2006-5883.json b/2006/5xxx/CVE-2006-5883.json
index ff45395f7fd..1adcb47fdb2 100644
--- a/2006/5xxx/CVE-2006-5883.json
+++ b/2006/5xxx/CVE-2006-5883.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-5883",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-5883",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061112 CPanel Multiple Cross Site Scription",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/451374/100/0/threaded"
- },
- {
- "name" : "http://aria-security.net/advisory/cpanel.txt",
- "refsource" : "MISC",
- "url" : "http://aria-security.net/advisory/cpanel.txt"
- },
- {
- "name" : "21027",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/21027"
- },
- {
- "name" : "ADV-2006-4500",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/4500"
- },
- {
- "name" : "30386",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/30386"
- },
- {
- "name" : "30387",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/30387"
- },
- {
- "name" : "22825",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22825"
- },
- {
- "name" : "1847",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1847"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20061112 CPanel Multiple Cross Site Scription",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded"
+ },
+ {
+ "name": "30387",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/30387"
+ },
+ {
+ "name": "ADV-2006-4500",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/4500"
+ },
+ {
+ "name": "http://aria-security.net/advisory/cpanel.txt",
+ "refsource": "MISC",
+ "url": "http://aria-security.net/advisory/cpanel.txt"
+ },
+ {
+ "name": "30386",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/30386"
+ },
+ {
+ "name": "22825",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22825"
+ },
+ {
+ "name": "21027",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/21027"
+ },
+ {
+ "name": "1847",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1847"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/0xxx/CVE-2010-0237.json b/2010/0xxx/CVE-2010-0237.json
index 4332e38218a..af2d556cb41 100644
--- a/2010/0xxx/CVE-2010-0237.json
+++ b/2010/0xxx/CVE-2010-0237.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-0237",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka \"Windows Kernel Symbolic Link Creation Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2010-0237",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS10-021",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021"
- },
- {
- "name" : "TA10-103A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:7130",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7130"
- },
- {
- "name" : "1023850",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1023850"
- },
- {
- "name" : "39373",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/39373"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka \"Windows Kernel Symbolic Link Creation Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:7130",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7130"
+ },
+ {
+ "name": "MS10-021",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021"
+ },
+ {
+ "name": "TA10-103A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
+ },
+ {
+ "name": "39373",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/39373"
+ },
+ {
+ "name": "1023850",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1023850"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/0xxx/CVE-2010-0715.json b/2010/0xxx/CVE-2010-0715.json
index 98644978ce8..99b6a566d6b 100644
--- a/2010/0xxx/CVE-2010-0715.json
+++ b/2010/0xxx/CVE-2010-0715.json
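Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and as far as the visible lines show it is the only value that differs between the two sides; everything else is colon spacing and a reordering of the `reference_data` entries. A provenance field changing inside a formatting rewrite is easy to miss, and consumers that attribute or filter records by assigner will see it as a real change. I would name it in the commit description or land it separately from the reformat. The CVE-2010-2239 hunk further down does the same with `secalert@redhat.com`.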
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-0715",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-0715",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
- "refsource" : "MISC",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
- },
- {
- "name" : "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
- "refsource" : "MISC",
- "url" : "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
- },
- {
- "name" : "ibm-login-phishing(56602)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
+ "refsource": "MISC",
+ "url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
+ },
+ {
+ "name": "ibm-login-phishing(56602)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
+ },
+ {
+ "name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
+ "refsource": "MISC",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2239.json b/2010/2xxx/CVE-2010-2239.json
index 4346a365ba5..a5becc331cc 100644
--- a/2010/2xxx/CVE-2010-2239.json
+++ b/2010/2xxx/CVE-2010-2239.json
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/news.html", - "refsource" : "MISC", - "url" : "http://libvirt.org/news.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607812", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607812" - }, - { - "name" : "FEDORA-2010-10960", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" - }, - { - "name" : "FEDORA-2010-11021", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" - }, - { - "name" : "RHSA-2010:0615", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2010-0615.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "USN-1008-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-1" - }, - { - "name" : "USN-1008-2", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-2" - }, - { - "name" : "USN-1008-3", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1008-3" - }, - { - "name" : "ADV-2010-2062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2062" - }, - { - "name" : "ADV-2010-2763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2062" + }, + { + "name": "FEDORA-2010-10960", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html" + }, + { + "name": "USN-1008-2", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-2" + }, + { + "name": "FEDORA-2010-11021", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=607812", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812" + }, + { + "name": "RHSA-2010:0615", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html" + }, + { + "name": "http://libvirt.org/news.html", + "refsource": "MISC", + "url": "http://libvirt.org/news.html" + }, + { + "name": "USN-1008-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-1" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "USN-1008-3", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1008-3" + }, + { + "name": "ADV-2010-2763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2763" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2270.json b/2010/2xxx/CVE-2010-2270.json index d7b8d555415..d7c7f704f92 100644 --- a/2010/2xxx/CVE-2010-2270.json +++ b/2010/2xxx/CVE-2010-2270.json 
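Review bot: The `ASSIGNER` field in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, a data change that sits inside what is otherwise a spacing reformat (`"key" : ` becomes `"key": `) and a reordering of the eleven `reference_data` entries. Consumers that use the assigner to attribute a record to its CNA would see a new value with nothing in the hunk marking it as intended, so it is worth confirming and landing on its own, as a change that touches only `"ASSIGNER": "secalert@redhat.com",`. Keeping `reference_data` in its previous order would also let a reviewer confirm at a glance that no reference was added or dropped. The same pattern appears in the hunks for CVE-2010-2566 (`secure@microsoft.com`), CVE-2010-3040 (`psirt@cisco.com`), CVE-2010-3712 and, as far as its visible start shows, CVE-2010-3870 (both `secalert@redhat.com`).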
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", - "refsource" : "MISC", - "url" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" - }, - { - "name" : "VU#245081", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/245081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", + "refsource": "MISC", + "url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" + }, + { + "name": "VU#245081", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/245081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2566.json b/2010/2xxx/CVE-2010-2566.json index 0c2a56eea34..76406bac094 100644 --- a/2010/2xxx/CVE-2010-2566.json +++ b/2010/2xxx/CVE-2010-2566.json 
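Review bot: The new side of this file ends at `}` followed by `\ No newline at end of file`, while the old side ended with a newline; the rewritten file should keep the trailing newline after the closing `}`. A file without a final newline produces this marker in every later diff and can trip line-oriented tools that concatenate or stream records. Apart from that, the visible change in this hunk is the spacing before `:`. The same marker follows the hunks for CVE-2010-2239, CVE-2010-2566, CVE-2010-3040, CVE-2010-3127, CVE-2010-3357, CVE-2010-3385 and CVE-2010-3712.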
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka \"SChannel Malformed Certificate Request Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11787", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka \"SChannel Malformed Certificate Request Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "oval:org.mitre.oval:def:11787", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787" + }, + { + "name": "MS10-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3040.json b/2010/3xxx/CVE-2010-3040.json index f065148b236..8da78777961 100644 --- a/2010/3xxx/CVE-2010-3040.json +++ b/2010/3xxx/CVE-2010-3040.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-232/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-232/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-233/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-233/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-234/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-234/" - }, - { - "name" : 
"http://www.zerodayinitiative.com/advisories/ZDI-10-235/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-235/" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726" - }, - { - "name" : "44699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44699" - }, - { - "name" : "1024693", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024693" - }, - { - "name" : "42146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42146" - }, - { - "name" : "ADV-2010-2914", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-233/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-233/" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-234/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-234/" + }, + { + "name": "1024693", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024693" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-232/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-232/" + }, + { + "name": "ADV-2010-2914", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2914" + }, + { + "name": "42146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42146" + }, + { + "name": "44699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44699" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-235/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-235/" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3127.json b/2010/3xxx/CVE-2010-3127.json index 34d9f3b504b..5ded6bb6354 100644 --- a/2010/3xxx/CVE-2010-3127.json +++ b/2010/3xxx/CVE-2010-3127.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14741", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14741" - }, - { - "name" : "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html" - }, - { - "name" : "oval:org.mitre.oval:def:6778", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778" - }, - { - "name" : "41060", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/41060" - }, - { - "name" : "ADV-2010-2170", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14741", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14741" + }, + { + "name": "41060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41060" + }, + { + "name": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html" + }, + { + "name": "ADV-2010-2170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2170" + }, + { + "name": "oval:org.mitre.oval:def:6778", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3357.json b/2010/3xxx/CVE-2010-3357.json index 97b3d6f9efc..3f99a3c3ae5 100644 --- a/2010/3xxx/CVE-2010-3357.json +++ b/2010/3xxx/CVE-2010-3357.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289" - }, - { - "name" : "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65" - }, - { - "name" : "FEDORA-2010-15628", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049184.html" - }, - { - "name" : "FEDORA-2010-15711", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html" - }, 
- { - "name" : "FEDORA-2010-15717", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html" - }, - { - "name" : "41807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-15628", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049184.html" + }, + { + "name": "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289" + }, + { + "name": "FEDORA-2010-15717", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html" + }, + { + "name": "41807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41807" + }, + { + "name": "FEDORA-2010-15711", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3385.json b/2010/3xxx/CVE-2010-3385.json index e4971daabff..62dcee3b636 100644 --- a/2010/3xxx/CVE-2010-3385.json 
+++ b/2010/3xxx/CVE-2010-3385.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3712.json b/2010/3xxx/CVE-2010-3712.json index caa5c20e789..ddf1565a07f 100644 --- a/2010/3xxx/CVE-2010-3712.json +++ b/2010/3xxx/CVE-2010-3712.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving \"multiple encoded entities,\" as demonstrated by the query string to index.php in the com_weblinks or com_content component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101011 CVE request: joomla before 1.5.21 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/08/4" - }, - { - "name" : "[oss-security] 20101011 Re: CVE request: joomla before 1.5.21 XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/10/11/4" - }, - { - "name" : "[oss-security] 20110314 CVE Request: Joomla! 
1.6.0 | Cross Site Scripting (XSS) Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/13/8" - }, - { - "name" : "[oss-security] 20110314 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/14/22" - }, - { - "name" : "[oss-security] 20110318 CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/18/5" - }, - { - "name" : "[oss-security] 20110318 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/18/3" - }, - { - "name" : "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)" - }, - { - "name" : "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities" - }, - { - "name" : "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767", - "refsource" : "CONFIRM", - "url" : "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Joomla! 
1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving \"multiple encoded entities,\" as demonstrated by the query string to index.php in the com_weblinks or com_content component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767", + "refsource": "CONFIRM", + "url": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767" + }, + { + "name": "[oss-security] 20110318 CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/18/5" + }, + { + "name": "[oss-security] 20101011 CVE request: joomla before 1.5.21 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/08/4" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)" + }, + { + "name": "[oss-security] 20110318 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/18/3" + }, + { + "name": "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities" + }, + { + "name": "[oss-security] 20110314 CVE Request: Joomla! 
1.6.0 | Cross Site Scripting (XSS) Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/13/8" + }, + { + "name": "[oss-security] 20110314 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/14/22" + }, + { + "name": "[oss-security] 20101011 Re: CVE request: joomla before 1.5.21 XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/10/11/4" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3870.json b/2010/3xxx/CVE-2010-3870.json index f91c7fa0bdb..d79d3ffe526 100644 --- a/2010/3xxx/CVE-2010-3870.json +++ b/2010/3xxx/CVE-2010-3870.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-3870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101102 Re: utf-8 security issue in php", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/02/2" - }, - { - "name" : "[oss-security] 20101102 Re: utf-8 security issue in php", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/02/4" - }, - { - "name" : "[oss-security] 20101102 Re: utf-8 security issue in php", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/02/6" - }, - { - "name" : "[oss-security] 20101102 Re: utf-8 security issue in php", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2010/11/02/8" - }, - { - "name" : "[oss-security] 20101102 Re: utf-8 security issue in php", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/02/11" - }, - { - "name" : "[oss-security] 20101102 utf-8 security issue in php", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/02/1" - }, - { - "name" : "[oss-security] 20101103 Re: utf-8 security issue in php", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/11/03/1" - }, - { - "name" : "http://bugs.php.net/bug.php?id=48230", - "refsource" : "MISC", - "url" : "http://bugs.php.net/bug.php?id=48230" - }, - { - "name" : "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html", - "refsource" : "MISC", - "url" : "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html" - }, - { - "name" : "http://us2.php.net/manual/en/function.utf8-decode.php#83935", - "refsource" : "MISC", - "url" : "http://us2.php.net/manual/en/function.utf8-decode.php#83935" - }, - { - "name" : "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/", - "refsource" : "MISC", - "url" : "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/" - }, - { - "name" : "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf" - }, - { - "name" : "http://bugs.php.net/bug.php?id=49687", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=49687" - }, - { - "name" : "http://svn.php.net/viewvc?view=revision&revision=304959", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc?view=revision&revision=304959" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : 
"CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - }, - { - "name" : "FEDORA-2010-18976", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" - }, - { - "name" : "FEDORA-2010-19011", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "MDVSA-2010:224", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224" - }, - { - "name" : "RHSA-2010:0919", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0919.html" - }, - { - "name" : "RHSA-2011:0195", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0195.html" - }, - { - "name" : "SUSE-SR:2010:023", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" - }, - { - "name" : "USN-1042-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1042-1" - }, - { - "name" : "44605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44605" - }, - { - "name" : "1024797", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024797" - }, - { - "name" : "42410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42410" - }, - { - "name" : "42812", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/42812" - }, - { - "name" : "ADV-2010-3081", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/3081" - }, - { - "name" : "ADV-2011-0020", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0020" - }, - { - "name" : "ADV-2011-0021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0021" - }, - { - "name" : "ADV-2011-0077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20101102 Re: utf-8 security issue in php", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/02/11" + }, + { + "name": "ADV-2011-0077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0077" + }, + { + "name": "FEDORA-2010-19011", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html" + }, + { + "name": "42812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42812" + }, + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "[oss-security] 20101102 Re: utf-8 security issue in php", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2010/11/02/2" + }, + { + "name": "RHSA-2011:0195", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html" + }, + { + "name": "[oss-security] 20101102 Re: utf-8 security issue in php", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/02/4" + }, + { + "name": "1024797", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024797" + }, + { + "name": "SUSE-SR:2010:023", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" + }, + { + "name": "http://bugs.php.net/bug.php?id=49687", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=49687" + }, + { + "name": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf", + "refsource": "MISC", + "url": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf" + }, + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "USN-1042-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1042-1" + }, + { + "name": "[oss-security] 20101102 Re: utf-8 security issue in php", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/02/6" + }, + { + "name": "RHSA-2010:0919", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html" + }, + { + "name": "http://bugs.php.net/bug.php?id=48230", + "refsource": "MISC", + "url": "http://bugs.php.net/bug.php?id=48230" + }, + { + "name": "ADV-2011-0021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0021" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": 
"http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html", + "refsource": "MISC", + "url": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "[oss-security] 20101102 utf-8 security issue in php", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/02/1" + }, + { + "name": "42410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42410" + }, + { + "name": "MDVSA-2010:224", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224" + }, + { + "name": "FEDORA-2010-18976", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html" + }, + { + "name": "[oss-security] 20101103 Re: utf-8 security issue in php", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/03/1" + }, + { + "name": "http://svn.php.net/viewvc?view=revision&revision=304959", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc?view=revision&revision=304959" + }, + { + "name": "ADV-2011-0020", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0020" + }, + { + "name": "[oss-security] 20101102 Re: utf-8 security issue in php", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/11/02/8" + }, + { + "name": "44605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44605" + }, + { + "name": "http://us2.php.net/manual/en/function.utf8-decode.php#83935", + "refsource": "MISC", + "url": "http://us2.php.net/manual/en/function.utf8-decode.php#83935" + }, + { + "name": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/", + "refsource": "MISC", + "url": 
"http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/" + }, + { + "name": "ADV-2010-3081", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/3081" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4131.json b/2010/4xxx/CVE-2010-4131.json index 889ae1b77e4..835af17afc3 100644 --- a/2010/4xxx/CVE-2010-4131.json +++ b/2010/4xxx/CVE-2010-4131.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4131", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4131", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4305.json b/2010/4xxx/CVE-2010-4305.json index 8eede3109d4..3feb4b0fd77 100644 --- a/2010/4xxx/CVE-2010-4305.json +++ b/2010/4xxx/CVE-2010-4305.json 
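Review bot: In the CVE-2010-3870.json hunk, `"ASSIGNER" : "cve@mitre.org"` becomes `"ASSIGNER": "secalert@redhat.com"`, and this is the only value that changes; every other changed line there is colon-spacing or indentation normalization, or a reordering of `reference_data`. A provenance change is easy to miss in a diff of this shape, and any consumer that attributes or filters records by assigner would see this record move. If the reattribution is intended, it should go in its own commit or be named in the commit message. The same applies to the CVE-2010-4656.json hunk (also `secalert@redhat.com`) and the CVE-2014-3372.json hunk (`"ASSIGNER": "psirt@cisco.com"`). The other records in this range keep `cve@mitre.org`.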
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Nov/167" - }, - { - "name" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", - "refsource" : "MISC", - "url" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt" - }, - { - "name" : "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt", + "refsource": "MISC", + "url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt" + }, + { + "name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html" + }, + { + "name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Nov/167" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4656.json b/2010/4xxx/CVE-2010-4656.json index 2580b02834a..929b2766f8e 100644 --- a/2010/4xxx/CVE-2010-4656.json +++ b/2010/4xxx/CVE-2010-4656.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-4656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110124 CVE request: linux kernel heap issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/24/9" - }, - { - "name" : "[oss-security] 20110124 Re: CVE request: linux kernel heap issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/25/3" - }, - { - "name" : "[oss-security] 20110125 Re: CVE request: linux kernel heap issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/25/4" - }, - { - "name" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=672420", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=672420" - }, - { - "name" : "USN-1146-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1146-1" - }, - { - "name" : "46069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1146-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1146-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=672420", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672420" + }, + { + "name": "[oss-security] 20110124 CVE request: linux kernel heap issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/24/9" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0" + }, + { + "name": "[oss-security] 20110125 Re: CVE request: linux kernel heap issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/25/4" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37" + }, + { + "name": "[oss-security] 20110124 Re: CVE request: linux kernel heap issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/25/3" + }, + { + "name": "46069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46069" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4879.json b/2010/4xxx/CVE-2010-4879.json index 4853aea2c5b..e5835d286c6 100644 --- a/2010/4xxx/CVE-2010-4879.json +++ b/2010/4xxx/CVE-2010-4879.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14851", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14851", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14851" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4975.json b/2010/4xxx/CVE-2010-4975.json index d55cf3211a2..64498fe4049 100644 --- a/2010/4xxx/CVE-2010-4975.json +++ b/2010/4xxx/CVE-2010-4975.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14196", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14196" - }, - { - "name" : "41354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41354" - }, - { - "name" : "socialadsforjomsocial-index-xss(60067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14196", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14196" + }, + { + "name": "socialadsforjomsocial-index-xss(60067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60067" + }, + { + "name": "41354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41354" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5165.json b/2011/5xxx/CVE-2011-5165.json index ebdfc7b6e8f..c86e2893a12 100644 --- a/2011/5xxx/CVE-2011-5165.json +++ b/2011/5xxx/CVE-2011-5165.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11975", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11975" - }, - { - "name" : "11976", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11976" - }, - { - "name" : "17727", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17727" - }, - { - "name" : "18142", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18142" - }, - { - "name" : "36826", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36826/" - }, - { - "name" : "36465", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/36465/" - }, - { - "name" : "36827", - "refsource" : "EXPLOIT-DB", - "url" : 
"https://www.exploit-db.com/exploits/36827/" - }, - { - "name" : "39672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/39672" - }, - { - "name" : "63349", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63349" - }, - { - "name" : "39193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36465", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36465/" + }, + { + "name": "39193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39193" + }, + { + "name": "17727", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17727" + }, + { + "name": "39672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/39672" + }, + { + "name": "63349", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63349" + }, + { + "name": "18142", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18142" + }, + { + "name": "11976", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11976" + }, + { + "name": "11975", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11975" + }, + { + "name": "36826", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36826/" + }, + { + "name": "36827", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/36827/" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/3xxx/CVE-2014-3372.json b/2014/3xxx/CVE-2014-3372.json index c56d3b6c0b3..ed08d4a6aeb 100644 --- a/2014/3xxx/CVE-2014-3372.json +++ b/2014/3xxx/CVE-2014-3372.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292" - }, - { - "name" : "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372" - }, - { - "name" : "70846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70846" - }, - { - "name" : "1031159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031159" - }, - { - "name" : "61003", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61003" - }, - { - "name" : "cisco-ucm-cve20143372-xss(98404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292" + }, + { + "name": "1031159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031159" + }, + { + "name": "61003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61003" + }, + { + "name": "cisco-ucm-cve20143372-xss(98404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404" + }, + { + "name": "70846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70846" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4565.json b/2014/4xxx/CVE-2014-4565.json index 4eca3eb85bf..a905c6eb070 100644 --- a/2014/4xxx/CVE-2014-4565.json +++ b/2014/4xxx/CVE-2014-4565.json 
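Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `psirt@cisco.com`, and that provenance change is easy to miss because every other changed line is colon spacing, indentation or a reordered `reference_data` array. The hunks for CVE-2014-9649 (`security@ubuntu.com`) and for CVE-2014-9783, CVE-2014-9784 and CVE-2014-9882 (`security@android.com`) do the same. I would land the re-serialisation and the assigner reassignment as separate commits, or list the reassigned IDs in the commit message, so that consumers who key routing or trust decisions on the assigner can audit exactly those records. The new side of each file also ends with `\ No newline at end of file`; if that is not intended, restore the trailing newline so line-based tooling keeps working.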
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-4565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss", - "refsource" : "MISC", - "url" : "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, 
or (5) vm parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss", + "refsource": "MISC", + "url": "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8717.json b/2014/8xxx/CVE-2014-8717.json index 6909c84ba32..76d90ff1605 100644 --- a/2014/8xxx/CVE-2014-8717.json +++ b/2014/8xxx/CVE-2014-8717.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8843.json b/2014/8xxx/CVE-2014-8843.json index e2221181ee4..283d68d599d 100644 --- a/2014/8xxx/CVE-2014-8843.json +++ b/2014/8xxx/CVE-2014-8843.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8843",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8843",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8932.json b/2014/8xxx/CVE-2014-8932.json
index 39c62141498..18b4546c006 100644
--- a/2014/8xxx/CVE-2014-8932.json
+++ b/2014/8xxx/CVE-2014-8932.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8932",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-8932",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/8xxx/CVE-2014-8937.json b/2014/8xxx/CVE-2014-8937.json
index 2ddf078a0ef..f6ad711e3a9 100644
--- a/2014/8xxx/CVE-2014-8937.json
+++ b/2014/8xxx/CVE-2014-8937.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-8937",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-8937",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/9xxx/CVE-2014-9358.json b/2014/9xxx/CVE-2014-9358.json
index d3342e72c88..84f73c1191d 100644
--- a/2014/9xxx/CVE-2014-9358.json
+++ b/2014/9xxx/CVE-2014-9358.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534215/100/0/threaded" - }, - { - "name" : "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via 
a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ" + }, + { + "name": "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534215/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9649.json b/2014/9xxx/CVE-2014-9649.json index a39c44a9038..6ceaa720075 100644 --- a/2014/9xxx/CVE-2014-9649.json +++ b/2014/9xxx/CVE-2014-9649.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2014-9649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/21/13" - }, - { - "name" : "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.rabbitmq.com/release-notes/README-3.4.1.txt" - }, - { - "name" : "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs" - }, - { - "name" : "RHSA-2016:0308", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2016-0308.html" - }, - { - "name" : "76084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0308", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html" + }, + { + "name": "76084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76084" + }, + { + "name": "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs" + }, + { + "name": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", + "refsource": "CONFIRM", + "url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt" + }, + { + "name": "[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/21/13" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9670.json b/2014/9xxx/CVE-2014-9670.json index 47ed26ff86f..dd93c36e76b 100644 --- a/2014/9xxx/CVE-2014-9670.json +++ b/2014/9xxx/CVE-2014-9670.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/google-security-research/issues/detail?id=158", - "refsource" : "MISC", - "url" : "http://code.google.com/p/google-security-research/issues/detail?id=158" - }, - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0083.html", - "refsource" : "CONFIRM", - "url" : 
"http://advisories.mageia.org/MGASA-2015-0083.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3188" - }, - { - "name" : "FEDORA-2015-2216", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" - }, - { - "name" : "FEDORA-2015-2237", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" - }, - { - "name" : "GLSA-201503-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-05" - }, - { - "name" : "MDVSA-2015:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" - }, - { - "name" : "RHSA-2015:0696", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html" - }, - { - "name" : "openSUSE-SU-2015:0627", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" - }, - { - "name" : "USN-2510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2510-1" - }, - { - "name" : "USN-2739-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2739-1" - }, - { - "name" : "72986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that 
specifies negative values for the first column and first row." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/google-security-research/issues/detail?id=158", + "refsource": "MISC", + "url": "http://code.google.com/p/google-security-research/issues/detail?id=158" + }, + { + "name": "DSA-3188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3188" + }, + { + "name": "GLSA-201503-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-05" + }, + { + "name": "72986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72986" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6" + }, + { + "name": "USN-2739-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2739-1" + }, + { + "name": "openSUSE-SU-2015:0627", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0083.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0083.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "RHSA-2015:0696", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html" + }, + { + "name": "FEDORA-2015-2216", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html" + }, + { + "name": "MDVSA-2015:055", + "refsource": 
"MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055" + }, + { + "name": "USN-2510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2510-1" + }, + { + "name": "FEDORA-2015-2237", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9783.json b/2014/9xxx/CVE-2014-9783.json index 8a319eb982e..17d80fa3e2f 100644 --- a/2014/9xxx/CVE-2014-9783.json +++ b/2014/9xxx/CVE-2014-9783.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b", - "refsource" : "CONFIRM", - "url" : 
"https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b" + }, + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9784.json b/2014/9xxx/CVE-2014-9784.json index afc96167484..b80674cc673 100644 --- a/2014/9xxx/CVE-2014-9784.json +++ b/2014/9xxx/CVE-2014-9784.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba" - }, - { - "name" : "91628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba" + }, + { + "name": "91628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91628" + }, + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9882.json b/2014/9xxx/CVE-2014-9882.json index 94926b67607..7913fcbd84f 100644 --- a/2014/9xxx/CVE-2014-9882.json +++ b/2014/9xxx/CVE-2014-9882.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2014-9882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9", - "refsource" : "CONFIRM", - "url" : 
"https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9" - }, - { - "name" : "92219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9" + }, + { + "name": "92219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92219" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2131.json b/2016/2xxx/CVE-2016-2131.json index 90a7b0cd4e6..a5ce202eb3c 100644 --- a/2016/2xxx/CVE-2016-2131.json +++ b/2016/2xxx/CVE-2016-2131.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2131", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2131", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2499.json b/2016/2xxx/CVE-2016-2499.json index b6fb62a62ed..2bfb2368e4c 100644 --- a/2016/2xxx/CVE-2016-2499.json +++ b/2016/2xxx/CVE-2016-2499.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AudioSource.cpp in libstagefright in 
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2919.json b/2016/2xxx/CVE-2016-2919.json index 1803f255bf3..36dfdc14dda 100644 --- a/2016/2xxx/CVE-2016-2919.json +++ b/2016/2xxx/CVE-2016-2919.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2919", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2919", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2967.json b/2016/2xxx/CVE-2016-2967.json index caaaf762eda..7bedb4053be 100644 --- a/2016/2xxx/CVE-2016-2967.json +++ b/2016/2xxx/CVE-2016-2967.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2016-2967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2016-2967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441" - }, - { - "name" : "100572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006441", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006441" + }, + { + "name": "100572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100572" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2969.json b/2016/2xxx/CVE-2016-2969.json index f1b4f1bdb63..dadc45feb5b 100644 --- a/2016/2xxx/CVE-2016-2969.json +++ b/2016/2xxx/CVE-2016-2969.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-23T00:00:00", - "ID" : "CVE-2016-2969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sametime", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-23T00:00:00", + "ID": "CVE-2016-2969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sametime", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439" - }, - { - "name" : "100599", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100599" - }, - { - "name" : "1039231", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100599" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850" + }, + { + "name": "1039231", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039231" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006439", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006439" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6194.json b/2016/6xxx/CVE-2016-6194.json index 7a67c59e637..17ff14ae09f 100644 --- a/2016/6xxx/CVE-2016-6194.json +++ b/2016/6xxx/CVE-2016-6194.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6224.json b/2016/6xxx/CVE-2016-6224.json index 406067f29e9..fb93eeae288 100644 --- a/2016/6xxx/CVE-2016-6224.json +++ b/2016/6xxx/CVE-2016-6224.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160713 CVE Requests: Information exposure caused by ecryptfs-setup-swap failures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/13/2" - }, - { - "name" : "[oss-security] 20160714 Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/14/3" - }, - { - "name" : "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882", - "refsource" : "CONFIRM", - "url" : 
"https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882" - }, - { - "name" : "https://bugs.launchpad.net/ecryptfs/+bug/1597154", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ecryptfs/+bug/1597154" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282" - }, - { - "name" : "FEDORA-2016-41301e2187", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5WWCVHDLRLZTYMXEIONYFHLYAXXLJW3/" - }, - { - "name" : "USN-3032-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3032-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160714 Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/14/3" + }, + { + "name": "[oss-security] 20160713 CVE Requests: Information exposure caused by ecryptfs-setup-swap failures", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/13/2" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282" + }, + { + "name": "USN-3032-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3032-1" + }, + { + "name": "https://bugs.launchpad.net/ecryptfs/+bug/1597154", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ecryptfs/+bug/1597154" + }, + { + "name": "FEDORA-2016-41301e2187", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5WWCVHDLRLZTYMXEIONYFHLYAXXLJW3/" + }, + { + "name": "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882", + "refsource": "CONFIRM", + "url": "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6491.json b/2016/6xxx/CVE-2016-6491.json index a02cf14b1a7..6d517f22c4b 100644 --- a/2016/6xxx/CVE-2016-6491.json +++ b/2016/6xxx/CVE-2016-6491.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160728 CVE-Request Buffer overflow ImageMagick", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/28/13" - }, - { - "name" : "[oss-security] 20160728 Re: CVE-Request Buffer overflow ImageMagick", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/07/28/15" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b" - }, - { - "name" : "GLSA-201611-21", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-21" - }, - { - "name" : "92186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92186" - }, - { - "name" : "1036501", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160728 CVE-Request Buffer overflow ImageMagick", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/28/13" + }, + { + "name": "[oss-security] 20160728 Re: CVE-Request Buffer overflow ImageMagick", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/07/28/15" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b" + }, + { + "name": "1036501", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036501" + }, + { + "name": "92186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92186" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + }, + { + "name": "GLSA-201611-21", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-21" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6523.json b/2016/6xxx/CVE-2016-6523.json index 9e22250bc18..ab8aa91c9b0 100644 --- a/2016/6xxx/CVE-2016-6523.json +++ b/2016/6xxx/CVE-2016-6523.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160802 CVE request: XSS vulns in Dotclear v2.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/02/3" - }, - { - "name" : "[oss-security] 20160802 Re: CVE request: XSS vulns in Dotclear v2.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/02/13" - }, - { - "name" : "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG" - }, - { - "name" : "https://hg.dotclear.org/dotclear/rev/40d0207e520d", - "refsource" : "CONFIRM", - "url" : "https://hg.dotclear.org/dotclear/rev/40d0207e520d" - }, - { - 
"name" : "92272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160802 Re: CVE request: XSS vulns in Dotclear v2.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/02/13" + }, + { + "name": "[oss-security] 20160802 CVE request: XSS vulns in Dotclear v2.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/02/3" + }, + { + "name": "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG", + "refsource": "CONFIRM", + "url": "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG" + }, + { + "name": "https://hg.dotclear.org/dotclear/rev/40d0207e520d", + "refsource": "CONFIRM", + "url": "https://hg.dotclear.org/dotclear/rev/40d0207e520d" + }, + { + "name": "92272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92272" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6908.json b/2016/6xxx/CVE-2016-6908.json index 215bad8dff3..42b48c2df25 100644 --- a/2016/6xxx/CVE-2016-6908.json +++ b/2016/6xxx/CVE-2016-6908.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as \"/\", \"?\" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "92701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as \"/\", \"?\" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92701" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7103.json b/2016/7xxx/CVE-2016-7103.json index efe6f791a7a..056dca27ca9 100644 --- a/2016/7xxx/CVE-2016-7103.json +++ b/2016/7xxx/CVE-2016-7103.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/127", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/127" - }, - { - "name" : "https://github.com/jquery/api.jqueryui.com/issues/281", - "refsource" : "CONFIRM", - "url" : "https://github.com/jquery/api.jqueryui.com/issues/281" - }, - { - "name" : "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6", - "refsource" : "CONFIRM", - "url" : "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6" - }, - { - "name" : "https://jqueryui.com/changelog/1.12.0/", - "refsource" : "CONFIRM", - "url" : "https://jqueryui.com/changelog/1.12.0/" - }, - { - "name" : "https://www.tenable.com/security/tns-2016-19", - "refsource" 
: "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2016-19" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "RHSA-2017:0161", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0161.html" - }, - { - "name" : "RHSA-2016:2932", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2932.html" - }, - { - "name" : "RHSA-2016:2933", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2933.html" - }, - { - "name" : "104823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0161", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html" + }, + { + "name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6", + "refsource": "CONFIRM", + "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "RHSA-2016:2933", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html" + }, + { + "name": "https://github.com/jquery/api.jqueryui.com/issues/281", + "refsource": "CONFIRM", + "url": "https://github.com/jquery/api.jqueryui.com/issues/281" + }, + { + "name": "RHSA-2016:2932", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html" + }, + { + "name": "https://nodesecurity.io/advisories/127", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/127" + }, + { + "name": "https://www.tenable.com/security/tns-2016-19", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-19" + }, + { + "name": "104823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104823" + }, + { + "name": "https://jqueryui.com/changelog/1.12.0/", + "refsource": "CONFIRM", + "url": "https://jqueryui.com/changelog/1.12.0/" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7150.json b/2016/7xxx/CVE-2016-7150.json index c87af0016ea..f87366b690a 100644 --- a/2016/7xxx/CVE-2016-7150.json +++ b/2016/7xxx/CVE-2016-7150.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160912 CVE Request: XSS vulns in b2evolution v6.7.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/12/1" - }, - { - "name" : "[oss-security] 20160915 Re: CVE Request: XSS vulns in b2evolution v6.7.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/15/4" - }, - { - "name" : "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c", - "refsource" : "CONFIRM", - "url" : "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c" - }, - { - "name" : "92967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92967" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160915 Re: CVE Request: XSS vulns in b2evolution v6.7.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/15/4" + }, + { + "name": "92967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92967" + }, + { + "name": "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c", + "refsource": "CONFIRM", + "url": "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c" + }, + { + "name": "[oss-security] 20160912 CVE Request: XSS vulns in b2evolution v6.7.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/12/1" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7262.json b/2016/7xxx/CVE-2016-7262.json index a262903beb3..fc71dfc277d 100644 --- a/2016/7xxx/CVE-2016-7262.json +++ b/2016/7xxx/CVE-2016-7262.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2016-7262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-7262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-148", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" - }, - { - "name" : "94660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94660" - }, - { - "name" : "1037441", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, 
Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS16-148", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" + }, + { + "name": "94660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94660" + }, + { + "name": "1037441", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037441" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7535.json b/2016/7xxx/CVE-2016-7535.json index d0c444b4024..4e265ff950b 100644 --- a/2016/7xxx/CVE-2016-7535.json +++ b/2016/7xxx/CVE-2016-7535.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-7535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378768", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378768" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/128", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/128" - }, - { - "name" : "93131", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/93131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/128", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/128" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378768", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378768" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180" + }, + { + "name": "93131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93131" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7910.json b/2016/7xxx/CVE-2016-7910.json index 856d2ca0e9d..8358f1a8702 100644 --- a/2016/7xxx/CVE-2016-7910.json +++ b/2016/7xxx/CVE-2016-7910.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-7910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84" - }, - { - "name" : "RHSA-2017:0892", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0892" - }, - { - "name" : "RHSA-2017:1297", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1297" - }, - { - "name" : "RHSA-2017:1298", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1298" - }, - { - "name" : "RHSA-2017:1308", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1308" - }, - { - "name" : "94135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84" + }, + { + "name": "RHSA-2017:1308", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1308" + }, + { + "name": "http://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "RHSA-2017:0892", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0892" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84" + }, + { + "name": "RHSA-2017:1298", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1298" + }, + { + "name": "94135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94135" + }, + { + "name": "RHSA-2017:1297", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1297" + } + ] + } +} \ No newline at end of file