diff --git a/2006/0xxx/CVE-2006-0981.json b/2006/0xxx/CVE-2006-0981.json
index f5efddbd191..4d64c9a02b6 100644
--- a/2006/0xxx/CVE-2006-0981.json
+++ b/2006/0xxx/CVE-2006-0981.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060224 WinAce Archiver v2.6 Directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425971/100/0/threaded" - }, - { - "name" : "http://www.hamid.ir/security/winace.txt", - "refsource" : "MISC", - "url" : "http://www.hamid.ir/security/winace.txt" - }, - { - "name" : "16800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16800" - }, - { - "name" : "ADV-2006-0730", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0730" - }, - { - "name" : "23464", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23464" - }, - { - "name" : "19013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19013" - }, - { - "name" 
: "winace-rar-tar-directory-traversal(24902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16800" + }, + { + "name": "23464", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23464" + }, + { + "name": "http://www.hamid.ir/security/winace.txt", + "refsource": "MISC", + "url": "http://www.hamid.ir/security/winace.txt" + }, + { + "name": "19013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19013" + }, + { + "name": "ADV-2006-0730", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0730" + }, + { + "name": "winace-rar-tar-directory-traversal(24902)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902" + }, + { + "name": "20060224 WinAce Archiver v2.6 Directory traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1714.json b/2006/1xxx/CVE-2006-1714.json index 8c6b1d8bfcc..36d0fb76163 100644 --- a/2006/1xxx/CVE-2006-1714.json +++ b/2006/1xxx/CVE-2006-1714.json 
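Review bot: The new side of this file ends with `\ No newline at end of file`, so the rewrite drops the trailing newline the old file had; the same marker closes the CVE-2006-1714, CVE-2006-1727 and CVE-2006-5151 hunks. The `reference_data` array is also reordered (the BUGTRAQ entry moves from first to last, BID and OSVDB move to the front) with no sort key evident from the visible entries, while each entry's `name`, `refsource` and `url` appear unchanged. If the order carries no meaning, emitting the array in a stable order, for example sorted by `refsource` then `name`, and ending the file with a newline would keep later diffs of these records limited to real content changes.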
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060410 phpMyForum Cross Site Scripting & CRLF injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430480/100/0/threaded" - }, - { - "name" : "20060425 Re: phpMyForum Cross Site Scripting & CRLF injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432455/100/0/threaded" - }, - { - "name" : "17420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17420" - }, - { - "name" : "phpmyforum-index-crlf-injection(25750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060410 phpMyForum Cross Site Scripting & CRLF injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430480/100/0/threaded" + }, + { + "name": "17420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17420" + }, + { + "name": "20060425 Re: phpMyForum Cross Site Scripting & CRLF injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432455/100/0/threaded" + }, + { + "name": "phpmyforum-index-crlf-injection(25750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25750" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1727.json b/2006/1xxx/CVE-2006-1727.json index e78c543f0dc..a08616716ff 100644 --- a/2006/1xxx/CVE-2006-1727.json +++ b/2006/1xxx/CVE-2006-1727.json 
@@ -1,397 +1,397 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with \"Print Preview\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-1727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" - }, - { - "name" : "DSA-1044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1044" - }, - { - "name" : "DSA-1046", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1046" - }, - { - "name" : "DSA-1051", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1051" - }, - { - "name" : "FEDORA-2006-410", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" - }, - { - "name" : "FEDORA-2006-411", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" - }, - { - "name" : "FLSA:189137-1", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" - }, - { - "name" : "FLSA:189137-2", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" - }, - { - "name" : "GLSA-200604-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" - }, - { - "name" : "GLSA-200604-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" - }, - { - "name" : "GLSA-200605-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" - }, - { - "name" : "HPSBUX02122", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "SSRT061158", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" - }, - { 
- "name" : "MDKSA-2006:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" - }, - { - "name" : "RHSA-2006:0328", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" - }, - { - "name" : "RHSA-2006:0329", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" - }, - { - "name" : "RHSA-2006:0330", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" - }, - { - "name" : "SCOSA-2006.26", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" - }, - { - "name" : "20060404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" - }, - { - "name" : "102550", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" - }, - { - "name" : "228526", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" - }, - { - "name" : "SUSE-SA:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" - }, - { - "name" : "SUSE-SA:2006:021", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" - }, - { - "name" : "USN-275-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/275-1/" - }, - { - "name" : "USN-276-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/276-1/" - }, - { - "name" : "USN-271-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/271-1/" - }, - { - "name" : "17516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17516" - }, - { - "name" : "oval:org.mitre.oval:def:10364", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364" - }, - { - "name" : 
"ADV-2006-1356", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1356" - }, - { - "name" : "ADV-2006-3391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3391" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "oval:org.mitre.oval:def:1649", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649" - }, - { - "name" : "1015926", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015926" - }, - { - "name" : "1015927", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015927" - }, - { - "name" : "1015928", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015928" - }, - { - "name" : "1015929", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015929" - }, - { - "name" : "19631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19631" - }, - { - "name" : "19649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19649" - }, - { - "name" : "19759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19759" - }, - { - "name" : "19821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19821" - }, - { - "name" : "19811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19811" - }, - { - "name" : "19823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19823" - }, - { - "name" : "19852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19852" - }, - { - "name" : "19862", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/19862" - }, - { - "name" : "19863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19863" - }, - { - "name" : "19902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19902" - }, - { - "name" : "19950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19950" - }, - { - "name" : "19941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19941" - }, - { - "name" : "19714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19714" - }, - { - "name" : "19721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19721" - }, - { - "name" : "19746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19746" - }, - { - "name" : "21033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21033" - }, - { - "name" : "21622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21622" - }, - { - "name" : "19696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19696" - }, - { - "name" : "19729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19729" - }, - { - "name" : "19780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19780" - }, - { - "name" : "20051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20051" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-printpreview-privilege-escalation(25824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mozilla Firefox and 
Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with \"Print Preview\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015927", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015927" + }, + { + "name": "USN-275-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/275-1/" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "RHSA-2006:0330", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html" + }, + { + "name": "19902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19902" + }, + { + "name": "20060404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" + }, + { + "name": "mozilla-printpreview-privilege-escalation(25824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25824" + }, + { + "name": "USN-276-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/276-1/" + }, + { + "name": "HPSBUX02122", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "19941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19941" + }, + { + "name": "19780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19780" + }, + { + "name": "1015929", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015929" + }, + { + "name": "RHSA-2006:0328", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html" + }, + { + "name": "19821", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/19821" + }, + { + "name": "GLSA-200604-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" + }, + { + "name": "21622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21622" + }, + { + "name": "19862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19862" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" + }, + { + "name": "19823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19823" + }, + { + "name": "DSA-1051", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1051" + }, + { + "name": "FEDORA-2006-410", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "oval:org.mitre.oval:def:1649", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649" + }, + { + "name": "USN-271-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/271-1/" + }, + { + "name": "1015928", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015928" + }, + { + "name": "19714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19714" + }, + { + "name": "RHSA-2006:0329", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html" + }, + { + "name": "GLSA-200604-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" + }, + { + "name": "19811", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19811" + }, + { + "name": "19746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19746" + }, + { + "name": "21033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21033" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "102550", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" + }, + { + "name": "19696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19696" + }, + { + "name": "19759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19759" + }, + { + "name": "SUSE-SA:2006:021", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" + }, + { + "name": "FLSA:189137-2", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "ADV-2006-1356", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1356" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "1015926", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015926" + }, + { + "name": "SSRT061158", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded" + }, + { + "name": "MDKSA-2006:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" + }, + { + "name": "19729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19729" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + 
"name": "19649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19649" + }, + { + "name": "20051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20051" + }, + { + "name": "19863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19863" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10364", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364" + }, + { + "name": "SCOSA-2006.26", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" + }, + { + "name": "FLSA:189137-1", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded" + }, + { + "name": "17516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17516" + }, + { + "name": "228526", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" + }, + { + "name": "FEDORA-2006-411", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" + }, + { + "name": "19852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19852" + }, + { + "name": "19721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19721" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "SUSE-SA:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html" + }, + { + "name": "GLSA-200605-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" + }, + { + "name": "ADV-2006-3391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3391" + }, + { + "name": "22065", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "19631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19631" + }, + { + "name": "19950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19950" + }, + { + "name": "MDKSA-2006:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" + }, + { + "name": "DSA-1046", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1046" + }, + { + "name": "DSA-1044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1044" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5151.json b/2006/5xxx/CVE-2006-5151.json index 2194e4f8e97..9395dca1053 100644 --- a/2006/5xxx/CVE-2006-5151.json +++ b/2006/5xxx/CVE-2006-5151.json 
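Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in `CVE_data_meta` of CVE-2006-1727.json, and it is the only value change in a hunk that otherwise rewrites spacing and reorders `reference_data`. The assigner field records which CNA owns the record, and downstream consumers may use it for attribution or trust decisions, so the change should be named in the commit description or split into its own commit rather than travelling inside a formatting pass. The other hunks visible here keep `"ASSIGNER": "cve@mitre.org"`, which suggests the change is deliberate for this record, but nothing on the page confirms that.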
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to \"gain root access\" via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm" - }, - { - "name" : "HPSBUX02157", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/447505/100/0/threaded" - }, - { - "name" : "SSRT061220", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/447505/100/0/threaded" - }, - { - "name" : "20269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20269" - }, - { - "name" : "oval:org.mitre.oval:def:5658", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5658" - }, - { - "name" : "ADV-2006-3885", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3885" - }, - { - "name" : "1016942", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016942" - }, - { - "name" : "22190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22190" - }, - { - "name" : "22361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22361" - }, - { - "name" : "1688", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1688" - }, - { - "name" : "hpux-ignite-privilege-escalation(29261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to \"gain root access\" via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm" + }, + { + "name": "oval:org.mitre.oval:def:5658", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5658" + }, + { + "name": "1016942", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016942" + }, + { + "name": "SSRT061220", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/447505/100/0/threaded" + }, + { + "name": "HPSBUX02157", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/447505/100/0/threaded" + }, + { + "name": "1688", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1688" + }, + { + "name": "ADV-2006-3885", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3885" + }, + { + "name": "20269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20269" + }, + { + "name": "hpux-ignite-privilege-escalation(29261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29261" + }, + { + "name": "22361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22361" + }, + { + "name": "22190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22190" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5183.json b/2006/5xxx/CVE-2006-5183.json index bf11ec0f8d2..511d3e2bc24 100644 --- a/2006/5xxx/CVE-2006-5183.json +++ b/2006/5xxx/CVE-2006-5183.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061001 Dayfox Blog v2.0 Remote file include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447500/100/0/threaded" - }, - { - "name" : "1694", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1694" - }, - { - "name" : "dayfoxblog-slogin-file-include(29310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox 
Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dayfoxblog-slogin-file-include(29310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29310" + }, + { + "name": "20061001 Dayfox Blog v2.0 Remote file include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447500/100/0/threaded" + }, + { + "name": "1694", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1694" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5264.json b/2006/5xxx/CVE-2006-5264.json index f166467ccc5..0c799995118 100644 --- a/2006/5xxx/CVE-2006-5264.json +++ b/2006/5xxx/CVE-2006-5264.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061011 MysqlDumper Version 1.21 b6 Xss Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448269/100/0/threaded" - }, - { - "name" : "22392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22392" - }, - { - "name" : "1712", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061011 MysqlDumper Version 1.21 b6 Xss Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448269/100/0/threaded" + }, + { + "name": "22392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22392" + }, + { + "name": "1712", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1712" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5457.json b/2006/5xxx/CVE-2006-5457.json index 7e8b95dd25f..d48344a560d 100644 --- a/2006/5xxx/CVE-2006-5457.json +++ b/2006/5xxx/CVE-2006-5457.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884", - "refsource" : "MISC", - "url" : "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884", + "refsource": "MISC", + "url": "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884" + } + ] + } +} \ No newline at end of file diff --git a/2006/5xxx/CVE-2006-5871.json b/2006/5xxx/CVE-2006-5871.json index 6de28bb9395..cb4da59f1f4 100644 --- a/2006/5xxx/CVE-2006-5871.json +++ b/2006/5xxx/CVE-2006-5871.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-5871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-5871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1233", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1233" - }, - { - "name" : "DSA-1237", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1237" - }, - { - "name" : "SUSE-SA:2007:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_35_kernel.html" - }, - { - "name" : "21523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21523" - }, - { - "name" : "oval:org.mitre.oval:def:10171", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10171" - }, - { - "name" : "23361", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/23361" - }, - { - "name" : "23370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23370" - }, - { - "name" : "23395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23395" - }, - { - "name" : "25683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10171", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10171" + }, + { + "name": "23361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23361" + }, + { + "name": "25683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25683" + }, + { + "name": "DSA-1237", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1237" + }, + { + "name": "23370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23370" + }, + { + "name": "DSA-1233", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1233" + }, + { + "name": "21523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21523" + }, + { + "name": "23395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23395" + }, + { + "name": "SUSE-SA:2007:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_35_kernel.html" + } + ] + } +} \ No newline at end 
of file diff --git a/2007/2xxx/CVE-2007-2212.json b/2007/2xxx/CVE-2007-2212.json index a3bc9a8a269..93ab5ebe997 100644 --- a/2007/2xxx/CVE-2007-2212.json +++ b/2007/2xxx/CVE-2007-2212.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "mybb-calendar-sql-injection(33814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-calendar-sql-injection(33814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2376.json b/2007/2xxx/CVE-2007-2376.json index fb3387999e3..741643a0866 100644 --- a/2007/2xxx/CVE-2007-2376.json +++ b/2007/2xxx/CVE-2007-2376.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", - "refsource" : "MISC", - "url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" - }, - { - "name" : "43323", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows 
remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", + "refsource": "MISC", + "url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" + }, + { + "name": "43323", + "refsource": "OSVDB", + "url": "http://osvdb.org/43323" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2379.json b/2007/2xxx/CVE-2007-2379.json index 324aa6a2902..a89383d5bc8 100644 --- a/2007/2xxx/CVE-2007-2379.json +++ b/2007/2xxx/CVE-2007-2379.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", - "refsource" : "MISC", - "url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" - }, - { - "name" : "43320", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which 
allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", + "refsource": "MISC", + "url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" + }, + { + "name": "43320", + "refsource": "OSVDB", + "url": "http://osvdb.org/43320" + } + ] + } +} \ No newline at end of file diff --git a/2007/2xxx/CVE-2007-2749.json b/2007/2xxx/CVE-2007-2749.json index eacfdff6c23..e154e4e6400 100644 --- a/2007/2xxx/CVE-2007-2749.json +++ b/2007/2xxx/CVE-2007-2749.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-2749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-2749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3943", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3943" - }, - { - "name" : "24032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24032" - }, - { - "name" : "36091", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36091" - }, - { - "name" : "25297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25297" - }, - { - "name" : "faqengine-question-sql-injection(34355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability 
in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24032" + }, + { + "name": "25297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25297" + }, + { + "name": "faqengine-question-sql-injection(34355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34355" + }, + { + "name": "36091", + "refsource": "OSVDB", + "url": "http://osvdb.org/36091" + }, + { + "name": "3943", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3943" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0641.json b/2010/0xxx/CVE-2010-0641.json index af95c08e8b3..c7d41b3c292 100644 --- a/2010/0xxx/CVE-2010-0641.json +++ b/2010/0xxx/CVE-2010-0641.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11403", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11403" - }, - { - "name" : "38201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38201" - }, - { - "name" : "ccs-loginpage-xss(56220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38201" + }, + { + "name": "11403", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11403" + }, + { + "name": "ccs-loginpage-xss(56220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56220" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0830.json b/2010/0xxx/CVE-2010-0830.json index bf2f7cb3563..38d3f9efacc 100644 --- a/2010/0xxx/CVE-2010-0830.json +++ b/2010/0xxx/CVE-2010-0830.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2010-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html", - "refsource" : "MISC", - "url" : "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html" - }, - { - "name" : "http://frugalware.org/security/662", - "refsource" : "CONFIRM", - "url" : "http://frugalware.org/security/662" - }, - { - "name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5", - "refsource" : "CONFIRM", - "url" : 
"http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5" - }, - { - "name" : "DSA-2058", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2058" - }, - { - "name" : "GLSA-201011-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201011-01.xml" - }, - { - "name" : "MDVSA-2010:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" - }, - { - "name" : "MDVSA-2010:112", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" - }, - { - "name" : "SUSE-SA:2010:052", - "refsource" : "SUSE", - "url" : "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - }, - { - "name" : "USN-944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-944-1" - }, - { - "name" : "40063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40063" - }, - { - "name" : "1024044", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024044" - }, - { - "name" : "39900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39900" - }, - { - "name" : "ADV-2010-1246", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1246" - }, - { - "name" : "glibc-elf-code-execution(58915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2010:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" + }, + { + "name": "GLSA-201011-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml" + }, + { + "name": "ADV-2010-1246", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1246" + }, + { + "name": "USN-944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-944-1" + }, + { + "name": "39900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39900" + }, + { + "name": "SUSE-SA:2010:052", + "refsource": "SUSE", + "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" + }, + { + "name": "40063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40063" + }, + { + "name": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html", + "refsource": "MISC", + "url": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html" + }, + { + "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5" + }, + { + "name": "http://frugalware.org/security/662", + "refsource": "CONFIRM", + "url": "http://frugalware.org/security/662" + }, + { + "name": "MDVSA-2010:112", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" + }, + { + "name": "DSA-2058", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2058" + }, + { + "name": "glibc-elf-code-execution(58915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915" + }, 
+ { + "name": "1024044", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024044" + } + ] + } +} \ No newline at end of file diff --git a/2010/0xxx/CVE-2010-0989.json b/2010/0xxx/CVE-2010-0989.json index 1be601556c1..2f43719a24c 100644 --- a/2010/0xxx/CVE-2010-0989.json +++ b/2010/0xxx/CVE-2010-0989.json 
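Review bot: The `"ASSIGNER"` value in CVE-2010-0830.json changes from `cve@mitre.org` to `security@ubuntu.com` inside a hunk that otherwise only normalises the `"key" : value` spacing and appears to reorder the same `reference_data` entries, so a provenance change is easy to miss among the formatting churn. Anything downstream that attributes or routes a record by its assigning CNA will see a different owner for this ID, so the change deserves its own commit or at least a mention in the commit message. The CVE-2010-0989.json hunk that follows does the same with `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com"`; that hunk continues past the visible part of the diff. The rewritten file also ends with `\ No newline at end of file`, as do the other files in this diff, and restoring the final newline would keep later diffs of these records free of spurious last-line changes.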
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-0989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-0989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100324 Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/510307/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-48/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-48/" - }, - { - "name" : "38947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38947" - }, - { - "name" : "63167", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/63167" - }, - { - "name" : "39011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63167", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/63167" + }, + { + "name": "20100324 Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/510307/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2010-48/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-48/" + }, + { + "name": "38947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38947" + }, + { + "name": "39011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39011" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1290.json b/2010/1xxx/CVE-2010-1290.json index 6ab5d9356a6..735f65f3c8d 100644 --- a/2010/1xxx/CVE-2010-1290.json +++ b/2010/1xxx/CVE-2010-1290.json 
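Review bot: The only substantive edit in this hunk, `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com"` replacing `cve@mitre.org` in `CVE_data_meta`, is buried in a whole-file re-serialization (colon spacing, indentation, shuffled `reference_data` order), so a reviewer or a consumer diffing records cannot easily tell a provenance change from formatting churn. The hunks for CVE-2010-1290, CVE-2010-1645, CVE-2014-0362 and CVE-2014-0632 follow the same pattern. I would land the ASSIGNER corrections separately from the reformat and keep `reference_data` in a stable order (the previous order, or sorted by `refsource` then `name`). The new side also ends with `\ No newline at end of file`, where the old side had a trailing newline; restoring it would keep later diffs clean.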
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-1290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" - }, - { - "name" : "oval:org.mitre.oval:def:7154", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7154" - }, - { - "name" : "38751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38751" - }, - { - "name" : "ADV-2010-1128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38751" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html" + }, + { + "name": "ADV-2010-1128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1128" + }, + { + "name": "oval:org.mitre.oval:def:7154", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7154" + } + ] + } +} \ No newline at end of file diff --git a/2010/1xxx/CVE-2010-1645.json b/2010/1xxx/CVE-2010-1645.json index c121ddf1aa1..c96df9000e9 100644 --- a/2010/1xxx/CVE-2010-1645.json +++ b/2010/1xxx/CVE-2010-1645.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-1645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-1645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php", - "refsource" : "MISC", - "url" : "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=5778", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=5778" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=5782", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=5782" - }, - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=5784", - "refsource" 
: "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=5784" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_7f.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_7f.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=609115", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=609115" - }, - { - "name" : "MDVSA-2010:160", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" - }, - { - "name" : "RHSA-2010:0635", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" - }, - { - "name" : "41041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41041" - }, - { - "name" : "ADV-2010-2132", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=5778", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=5778" + }, + { + "name": "MDVSA-2010:160", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" + }, + { + "name": "41041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41041" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_7f.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_7f.php" + }, + { + "name": "RHSA-2010:0635", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html" + }, + { + "name": "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php", + "refsource": "MISC", + "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php" + }, + { + "name": "ADV-2010-2132", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2132" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=5782", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=5782" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=609115", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=609115" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=5784", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=5784" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3727.json b/2010/3xxx/CVE-2010-3727.json index 55a54aac8af..d35dbb7baeb 100644 --- a/2010/3xxx/CVE-2010-3727.json +++ b/2010/3xxx/CVE-2010-3727.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3727", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3727", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3833.json b/2010/3xxx/CVE-2010-3833.json index 25f68e5cbd0..815928ebc73 100644 --- a/2010/3xxx/CVE-2010-3833.json +++ b/2010/3xxx/CVE-2010-3833.json 
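Review bot: The new side of this REJECT record is serialized with a different key order than the PUBLIC records in the same commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas CVE-2010-3833, for example, keeps `CVE_data_meta` first with `ASSIGNER` before `ID` and `data_format` before `data_type`. Key order carries no meaning in JSON, but two orders in one commit suggest two different writers, and anything that hashes, signs or diffs these records needs one canonical form. I would emit every record through the same serializer with sorted keys; the hunks for CVE-2010-4123 and CVE-2010-4124 have the same layout.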
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a \"CREATE TABLE ... SELECT.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.mysql.com/bug.php?id=55826", - "refsource" : "MISC", - "url" : "http://bugs.mysql.com/bug.php?id=55826" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", - "refsource" : "CONFIRM", - "url" : 
"http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640751", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640751" - }, - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "DSA-2143", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2143" - }, - { - "name" : "MDVSA-2010:222", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" - }, - { - "name" : "MDVSA-2010:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" - }, - { - "name" : "RHSA-2010:0825", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html" - }, - { - "name" : "RHSA-2011:0164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html" - }, - { - "name" : "TLSA-2011-3", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" - }, - { - "name" : "USN-1017-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1017-1" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "43676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43676" - }, - { - "name" : "42875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42875" - }, - { - "name" : "42936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42936" - }, - { - "name" : "ADV-2011-0105", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0105" - }, - { - "name" : "ADV-2011-0170", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0170" - }, - { - "name" : "ADV-2011-0345", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0345" - }, - { - "name" : "mysql-extremevalue-dos(64845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a \"CREATE TABLE ... SELECT.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640751", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640751" + }, + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "42875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42875" + }, + { + "name": "USN-1017-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1017-1" + }, + { + "name": 
"APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "TLSA-2011-3", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" + }, + { + "name": "ADV-2011-0105", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0105" + }, + { + "name": "MDVSA-2010:222", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" + }, + { + "name": "RHSA-2011:0164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html" + }, + { + "name": "ADV-2011-0170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0170" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" + }, + { + "name": "DSA-2143", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2143" + }, + { + "name": "43676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43676" + }, + { + "name": "mysql-extremevalue-dos(64845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64845" + }, + { + "name": "ADV-2011-0345", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0345" + }, + { + "name": "42936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42936" + }, + { + "name": "RHSA-2010:0825", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=55826", + "refsource": "MISC", + "url": "http://bugs.mysql.com/bug.php?id=55826" + }, + { + "name": "MDVSA-2010:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/4xxx/CVE-2010-4097.json b/2010/4xxx/CVE-2010-4097.json index ceaad3f3e56..320f24ab5df 100644 --- a/2010/4xxx/CVE-2010-4097.json +++ b/2010/4xxx/CVE-2010-4097.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101024 Aardvark Topsite XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514423/100/0/threaded" - }, - { - "name" : "44390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44390" - }, - { - "name" : "topsitesphp-index-xss(62767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in 
Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44390" + }, + { + "name": "20101024 Aardvark Topsite XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514423/100/0/threaded" + }, + { + "name": "topsitesphp-index-xss(62767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62767" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4123.json b/2010/4xxx/CVE-2010-4123.json index 539fa3a1393..6c160ff54b3 100644 --- a/2010/4xxx/CVE-2010-4123.json +++ b/2010/4xxx/CVE-2010-4123.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4123", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4123", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4124.json b/2010/4xxx/CVE-2010-4124.json index c06fe22c4e8..479cd7640aa 100644 --- a/2010/4xxx/CVE-2010-4124.json +++ b/2010/4xxx/CVE-2010-4124.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4124", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-4124", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4311.json b/2010/4xxx/CVE-2010-4311.json index ab13e7ec045..04c4bd8de8a 100644 --- a/2010/4xxx/CVE-2010-4311.json +++ b/2010/4xxx/CVE-2010-4311.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101121 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514863/100/0/threaded" - }, - { - "name" : "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/", - "refsource" : "MISC", - "url" : "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/", + "refsource": "MISC", + "url": "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/" + }, + { + "name": "20101121 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514863/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0362.json b/2014/0xxx/CVE-2014-0362.json index 48473db5c4d..560658535a2 100644 --- a/2014/0xxx/CVE-2014-0362.json +++ b/2014/0xxx/CVE-2014-0362.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-0362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#673313", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/673313" - }, - { - "name" : "67176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67176" + }, + { + "name": "VU#673313", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/673313" + } + ] + } +} \ No newline at end of file diff --git a/2014/0xxx/CVE-2014-0632.json b/2014/0xxx/CVE-2014-0632.json index e5296902156..1eb721a9bf6 100644 --- a/2014/0xxx/CVE-2014-0632.json +++ b/2014/0xxx/CVE-2014-0632.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-0632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" - }, - { - "name" : "66513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66513" + }, + { + "name": "20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10056.json b/2014/10xxx/CVE-2014-10056.json index 654a022d930..e2784134c18 100644 --- a/2014/10xxx/CVE-2014-10056.json +++ b/2014/10xxx/CVE-2014-10056.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2014-10056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 210/SD 212/SD 205" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow vulnerability when using OpenCL-CPU" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2014-10056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 210/SD 212/SD 205" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow vulnerability when using OpenCL-CPU" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2014/4xxx/CVE-2014-4768.json b/2014/4xxx/CVE-2014-4768.json index 082b4fb84ba..53d6e133f40 100644 --- a/2014/4xxx/CVE-2014-4768.json +++ b/2014/4xxx/CVE-2014-4768.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-4768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-4768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8148.json b/2014/8xxx/CVE-2014-8148.json index b22298983f7..4bb4e2c4168 100644 --- a/2014/8xxx/CVE-2014-8148.json +++ b/2014/8xxx/CVE-2014-8148.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-8148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150105 CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/01/05/2" - }, - { - "name" : "openSUSE-SU-2015:0111", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html" - }, - { - "name" : "openSUSE-SU-2015:0300", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default D-Bus access control rule in Midgard2 
10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20150105 CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/01/05/2" + }, + { + "name": "openSUSE-SU-2015:0111", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html" + }, + { + "name": "openSUSE-SU-2015:0300", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8692.json b/2014/8xxx/CVE-2014-8692.json index 182fecb8ee7..957ebd9ce0c 100644 --- a/2014/8xxx/CVE-2014-8692.json +++ b/2014/8xxx/CVE-2014-8692.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8692", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8692", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9350.json b/2014/9xxx/CVE-2014-9350.json index 0ed01993006..ace368809a4 100644 --- a/2014/9xxx/CVE-2014-9350.json +++ b/2014/9xxx/CVE-2014-9350.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a \"new\" value in the isNew parameter to PingIframeRpm.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35345", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35345" - }, - { - "name" : "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php" - }, - { - "name" : "115017", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/115017" - }, - { - "name" : "tlwr740n-pingiframerpm-dos(98927)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a \"new\" value in the isNew parameter to PingIframeRpm.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tlwr740n-pingiframerpm-dos(98927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98927" + }, + { + "name": "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php" + }, + { + "name": "35345", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35345" + }, + { + "name": "115017", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/115017" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9353.json b/2014/9xxx/CVE-2014-9353.json index 977f4813504..5934d0da1ed 100644 --- a/2014/9xxx/CVE-2014-9353.json +++ b/2014/9xxx/CVE-2014-9353.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp OnCommand Balance before 4.2P2 contains a \"default privileged account,\" which allows remote attackers to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/index?page=content&id=9010020", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/index?page=content&id=9010020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp OnCommand Balance before 4.2P2 contains a \"default privileged account,\" which allows remote attackers to gain privileges via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/index?page=content&id=9010020", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/index?page=content&id=9010020" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9360.json b/2014/9xxx/CVE-2014-9360.json index 4d6d1de7522..e0011c27562 100644 --- a/2014/9xxx/CVE-2014-9360.json +++ b/2014/9xxx/CVE-2014-9360.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533861/100/0/threaded" - }, - { - "name" : "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/133" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533861/100/0/threaded" + }, + { + "name": "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/133" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9718.json b/2014/9xxx/CVE-2014-9718.json index decc473ea83..2fb135ccef6 100644 --- a/2014/9xxx/CVE-2014-9718.json +++ b/2014/9xxx/CVE-2014-9718.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-9718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2015/04/20/7" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8" - }, - { - "name" : "DSA-3259", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3259" - }, - { - "name" : 
"73316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3259", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3259" + }, + { + "name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2015/04/20/7" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8" + }, + { + "name": "73316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73316" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3616.json b/2016/3xxx/CVE-2016-3616.json index 3179e5cf62d..199fd8798b4 100644 --- a/2016/3xxx/CVE-2016-3616.json +++ b/2016/3xxx/CVE-2016-3616.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318509" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319661" - }, - { - "name" : "USN-3706-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3706-1/" - }, - { - "name" : "USN-3706-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3706-2/" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3706-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3706-2/" + }, + { + "name": "USN-3706-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3706-1/" + }, + { + "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318509" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3691.json b/2016/3xxx/CVE-2016-3691.json index e1d7b79d9dd..c4a1e7e37fb 100644 --- a/2016/3xxx/CVE-2016-3691.json +++ b/2016/3xxx/CVE-2016-3691.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-3691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/02/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/02/3" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3803.json b/2016/3xxx/CVE-2016-3803.json index d9e8c2b599f..791c07e90ba 100644 --- a/2016/3xxx/CVE-2016-3803.json +++ b/2016/3xxx/CVE-2016-3803.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-3803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/3xxx/CVE-2016-3967.json b/2016/3xxx/CVE-2016-3967.json index 01a1ac7a29a..5c23a7cc761 100644 --- a/2016/3xxx/CVE-2016-3967.json +++ b/2016/3xxx/CVE-2016-3967.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-3967", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-3967", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6291.json b/2016/6xxx/CVE-2016-6291.json index 8d3ea047407..8380e6b0b47 100644 --- a/2016/6xxx/CVE-2016-6291.json +++ b/2016/6xxx/CVE-2016-6291.json 
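Review bot: The new side of CVE-2016-3803.json ends without a trailing newline: `\ No newline at end of file` follows the closing `+}`, and no such marker follows the removed `-}`. Every other file in this diff shows the same marker, so the writer that produced them appears to omit the final line feed. Emitting a final `\n` after the closing brace would keep the files friendly to line-oriented tools and stop later edits from showing a spurious last-line change.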
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2016/07/24/2" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : 
"CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/72603", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/72603" - }, - { - "name" : "https://support.apple.com/HT207170", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207170" - }, - { - "name" : "APPLE-SA-2016-09-20", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" - }, - { - "name" : "DSA-3631", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3631" - }, - { - "name" : "GLSA-201611-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-22" - }, - { - "name" : "RHSA-2016:2750", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" - }, - { - "name" : "92073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92073" - }, - { - "name" : "1036430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519" + }, + { + "name": "APPLE-SA-2016-09-20", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" + }, + { + "name": "GLSA-201611-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-22" + }, + { + "name": "RHSA-2016:2750", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "https://bugs.php.net/72603", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/72603" + }, + { + "name": "92073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92073" + }, + { + "name": "1036430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036430" + }, + { + "name": "DSA-3631", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3631" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2016/07/24/2" + }, + { + "name": "https://support.apple.com/HT207170", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207170" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6362.json b/2016/6xxx/CVE-2016-6362.json index a4bc2a9e344..9f7eec9521a 100644 --- a/2016/6xxx/CVE-2016-6362.json +++ b/2016/6xxx/CVE-2016-6362.json 
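Review bot: `reference_data` for CVE-2016-6291 comes back in a different order with no entry added or removed (12 before, 12 after, same `name`/`refsource`/`url` triples), so the whole array shows as changed and a dropped or altered reference would be hard to spot. The new order does not look sorted by any field, which suggests it depends on the serializer's iteration order. Writing the array in a stable order, for example sorted by `url` or kept in the existing sequence, would let future diffs show only real reference changes. The hunks for CVE-2016-6362, CVE-2016-7914, CVE-2016-7982 and CVE-2016-8106 reorder their references in the same way.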
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1" - }, - { - "name" : "92513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92513" - }, - { - "name" : "1036644", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 
8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036644", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036644" + }, + { + "name": "92513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92513" + }, + { + "name": "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6705.json b/2016/6xxx/CVE-2016-6705.json index 7e638274777..ebef66c2fa0 100644 --- a/2016/6xxx/CVE-2016-6705.json +++ b/2016/6xxx/CVE-2016-6705.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : "94134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "94134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94134" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6918.json b/2016/6xxx/CVE-2016-6918.json index 651ecaf9789..09f331bb358 100644 --- a/2016/6xxx/CVE-2016-6918.json +++ b/2016/6xxx/CVE-2016-6918.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7914.json b/2016/7xxx/CVE-2016-7914.json index 73891fb83ce..eea2850e2b1 100644 --- a/2016/7xxx/CVE-2016-7914.json +++ b/2016/7xxx/CVE-2016-7914.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-7914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-11-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-11-01.html" - }, - { - "name" : 
"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2" - }, - { - "name" : "RHSA-2016:2574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" - }, - { - "name" : "94138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-11-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-11-01.html" + }, + { + "name": "RHSA-2016:2574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3" + }, + { + "name": "94138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94138" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2" + } + ] + } +} \ No newline at end of file diff --git a/2016/7xxx/CVE-2016-7982.json b/2016/7xxx/CVE-2016-7982.json index a7eed20accd..252d060a83f 100644 --- a/2016/7xxx/CVE-2016-7982.json +++ b/2016/7xxx/CVE-2016-7982.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-7982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-7982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/05/17" - }, - { - "name" : "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/06/6" - }, - { - "name" : "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/12/8" - }, - { - "name" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/", - "refsource" : "MISC", - "url" : 
"https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/" - }, - { - "name" : "https://core.spip.net/projects/spip/repository/revisions/23200", - "refsource" : "CONFIRM", - "url" : "https://core.spip.net/projects/spip/repository/revisions/23200" - }, - { - "name" : "93451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93451" + }, + { + "name": "https://core.spip.net/projects/spip/repository/revisions/23200", + "refsource": "CONFIRM", + "url": "https://core.spip.net/projects/spip/repository/revisions/23200" + }, + { + "name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/06/6" + }, + { + "name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/05/17" + }, + { + "name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/" + }, + { + "name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal", + "refsource": "MLIST", + 
"url": "http://www.openwall.com/lists/oss-security/2016/10/12/8" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8106.json b/2016/8xxx/CVE-2016-8106.json index 7490eca448a..ee5c091da59 100644 --- a/2016/8xxx/CVE-2016-8106.json +++ b/2016/8xxx/CVE-2016-8106.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2016-8106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family", - "version" : { - "version_data" : [ - { - "version_value" : "Before NVM Version 5.05" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2016-8106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel\u00c2\u00ae Ethernet Controller X710 family and Intel\u00c2\u00ae Ethernet Controller XL710 family", + "version": { + "version_data": [ + { + "version_value": "Before NVM Version 5.05" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-12029", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-12029" - }, - { - "name" : 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22002507", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22002507" - }, - { - "name" : "95333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95333" - }, - { - "name" : "1037562", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95333" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22002507", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22002507" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-12029", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-12029" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378" + }, + { + "name": "1037562", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037562" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8568.json b/2016/8xxx/CVE-2016-8568.json index fa4c5c37e2c..5a17b28b167 100644 --- a/2016/8xxx/CVE-2016-8568.json +++ b/2016/8xxx/CVE-2016-8568.json 
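Review bot: `product_name` on the new side contains `Intel\u00c2\u00ae`, which decodes to `Â®` rather than the `®` shown on the removed line. It looks as if the UTF-8 bytes C2 AE were read as Latin-1 before being escaped. The line should read `"product_name": "Intel\u00ae Ethernet Controller X710 family and Intel\u00ae Ethernet Controller XL710 family",`. Tools that match affected products by name would miss or mislabel this record, so it is worth checking the writer's input encoding and scanning the other rewritten files for `\u00c2` or `\u00c3` sequences.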
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/08/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383211", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383211" - }, - { - "name" : "https://github.com/libgit2/libgit2/issues/3936", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgit2/libgit2/issues/3936" - }, - { - "name" : "https://github.com/libgit2/libgit2/releases/tag/v0.24.3", - "refsource" : "CONFIRM", - "url" : "https://github.com/libgit2/libgit2/releases/tag/v0.24.3" - }, - { - "name" : "FEDORA-2016-505d7fe198", - 
"refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/" - }, - { - "name" : "FEDORA-2016-616a35205b", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/" - }, - { - "name" : "FEDORA-2016-bc51f4636f", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/" - }, - { - "name" : "openSUSE-SU-2016:3097", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html" - }, - { - "name" : "openSUSE-SU-2017:0184", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html" - }, - { - "name" : "openSUSE-SU-2017:0195", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html" - }, - { - "name" : "openSUSE-SU-2017:0208", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html" - }, - { - "name" : "93466", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211" + }, + { + "name": "FEDORA-2016-616a35205b", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/" + }, + { + "name": "https://github.com/libgit2/libgit2/issues/3936", + "refsource": "CONFIRM", + "url": "https://github.com/libgit2/libgit2/issues/3936" + }, + { + "name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/08/7" + }, + { + "name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3", + "refsource": "CONFIRM", + "url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3" + }, + { + "name": "openSUSE-SU-2016:3097", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html" + }, + { + "name": "FEDORA-2016-505d7fe198", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/" + }, + { + "name": "openSUSE-SU-2017:0208", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html" + }, + { + "name": "openSUSE-SU-2017:0195", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html" + }, + { + "name": "openSUSE-SU-2017:0184", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html" + }, + { + "name": "FEDORA-2016-bc51f4636f", + "refsource": "FEDORA", + "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/" + }, + { + "name": "93466", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93466" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8602.json b/2016/8xxx/CVE-2016-8602.json index ebdf475229c..6e0982ea107 100644 --- a/2016/8xxx/CVE-2016-8602.json +++ b/2016/8xxx/CVE-2016-8602.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/11/7" - }, - { - "name" : "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/11/5" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303" - }, - { - "name" : 
"https://bugs.ghostscript.com/show_bug.cgi?id=697203", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697203" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383940", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383940" - }, - { - "name" : "https://ghostscript.com/doc/9.21/History9.htm", - "refsource" : "CONFIRM", - "url" : "https://ghostscript.com/doc/9.21/History9.htm" - }, - { - "name" : "DSA-3691", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3691" - }, - { - "name" : "GLSA-201702-31", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-31" - }, - { - "name" : "RHSA-2017:0013", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0013.html" - }, - { - "name" : "RHSA-2017:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0014.html" - }, - { - "name" : "95311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3691", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3691" + }, + { + "name": "95311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95311" + }, + { + "name": "RHSA-2017:0013", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html" + }, + { + "name": "RHSA-2017:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html" + }, + { + "name": "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/11/7" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697203", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697203" + }, + { + "name": "https://ghostscript.com/doc/9.21/History9.htm", + "refsource": "CONFIRM", + "url": "https://ghostscript.com/doc/9.21/History9.htm" + }, + { + "name": "GLSA-201702-31", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-31" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383940", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383940" + }, + { + "name": "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/11/5" + } + ] + } +} \ No newline at end of file diff --git a/2016/8xxx/CVE-2016-8701.json b/2016/8xxx/CVE-2016-8701.json index f3c963e23a5..d0dd78791fd 100644 
--- a/2016/8xxx/CVE-2016-8701.json +++ b/2016/8xxx/CVE-2016-8701.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-8701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-8701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160818 potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" - }, - { - "name" : "[oss-security] 20161015 Re: potrace: multiple crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" - }, - { - "name" : 
"http://potrace.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://potrace.sourceforge.net/ChangeLog" - }, - { - "name" : "93778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93778" + }, + { + "name": "[oss-security] 20161015 Re: potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/10/16/12" + }, + { + "name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" + }, + { + "name": "[oss-security] 20160818 potrace: multiple crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/08/18/11" + }, + { + "name": "http://potrace.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://potrace.sourceforge.net/ChangeLog" + } + ] + } +} \ No newline at end of file