From 128269fbeeccc11cda8279abd1830d473c1b9800 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:31:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/2xxx/CVE-2002-2169.json | 150 ++++++------- 2005/0xxx/CVE-2005-0476.json | 130 ++++++------ 2005/1xxx/CVE-2005-1037.json | 140 ++++++------- 2005/1xxx/CVE-2005-1300.json | 120 +++++------ 2005/1xxx/CVE-2005-1344.json | 180 ++++++++-------- 2005/1xxx/CVE-2005-1771.json | 140 ++++++------- 2005/1xxx/CVE-2005-1976.json | 160 +++++++------- 2005/4xxx/CVE-2005-4138.json | 140 ++++++------- 2005/4xxx/CVE-2005-4444.json | 190 ++++++++--------- 2005/4xxx/CVE-2005-4666.json | 170 +++++++-------- 2005/4xxx/CVE-2005-4832.json | 190 ++++++++--------- 2005/4xxx/CVE-2005-4855.json | 130 ++++++------ 2005/4xxx/CVE-2005-4874.json | 140 ++++++------- 2009/0xxx/CVE-2009-0282.json | 210 +++++++++---------- 2009/0xxx/CVE-2009-0310.json | 140 ++++++------- 2009/0xxx/CVE-2009-0414.json | 210 +++++++++---------- 2009/0xxx/CVE-2009-0544.json | 230 ++++++++++---------- 2009/0xxx/CVE-2009-0565.json | 190 ++++++++--------- 2009/0xxx/CVE-2009-0679.json | 140 ++++++------- 2009/0xxx/CVE-2009-0809.json | 150 ++++++------- 2009/1xxx/CVE-2009-1064.json | 150 ++++++------- 2009/1xxx/CVE-2009-1143.json | 34 +-- 2009/1xxx/CVE-2009-1372.json | 220 +++++++++---------- 2009/1xxx/CVE-2009-1946.json | 150 ++++++------- 2009/3xxx/CVE-2009-3193.json | 120 +++++------ 2009/4xxx/CVE-2009-4810.json | 150 ++++++------- 2009/4xxx/CVE-2009-4949.json | 140 ++++++------- 2009/5xxx/CVE-2009-5123.json | 120 +++++------ 2012/2xxx/CVE-2012-2272.json | 34 +-- 2012/2xxx/CVE-2012-2737.json | 250 +++++++++++----------- 2012/2xxx/CVE-2012-2829.json | 190 ++++++++--------- 2012/3xxx/CVE-2012-3613.json | 210 +++++++++---------- 2012/3xxx/CVE-2012-3906.json | 34 +-- 2012/6xxx/CVE-2012-6138.json | 34 +-- 2012/6xxx/CVE-2012-6444.json | 34 +-- 2012/6xxx/CVE-2012-6558.json | 150 ++++++------- 2015/5xxx/CVE-2015-5005.json | 160 +++++++------- 2015/5xxx/CVE-2015-5149.json | 150 ++++++------- 2015/5xxx/CVE-2015-5177.json | 160 +++++++------- 2015/5xxx/CVE-2015-5315.json | 150 ++++++------- 2015/5xxx/CVE-2015-5461.json | 170 +++++++-------- 2015/5xxx/CVE-2015-5465.json | 160 +++++++------- 2015/5xxx/CVE-2015-5556.json | 200 +++++++++--------- 2018/11xxx/CVE-2018-11465.json | 154 +++++++------- 2018/11xxx/CVE-2018-11710.json | 130 ++++++------ 2018/15xxx/CVE-2018-15965.json | 140 ++++++------- 2018/3xxx/CVE-2018-3319.json | 34 +-- 2018/3xxx/CVE-2018-3355.json | 34 +-- 2018/3xxx/CVE-2018-3580.json | 122 +++++------ 2018/8xxx/CVE-2018-8145.json | 372 ++++++++++++++++----------------- 2018/8xxx/CVE-2018-8171.json | 204 +++++++++--------- 2018/8xxx/CVE-2018-8471.json | 298 +++++++++++++------------- 2018/8xxx/CVE-2018-8652.json | 130 ++++++------ 2018/8xxx/CVE-2018-8726.json | 34 +-- 54 files changed, 4036 insertions(+), 4036 deletions(-) diff --git a/2002/2xxx/CVE-2002-2169.json b/2002/2xxx/CVE-2002-2169.json index 9228e0bec8b..6d264771eca 100644 --- a/2002/2xxx/CVE-2002-2169.json +++ b/2002/2xxx/CVE-2002-2169.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV=\"refresh\" tag to an aim: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020716 AIM forced behavior \"issue\"", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/282443" - }, - { - "name" : "http://www.mindflip.org/aim.html", - "refsource" : "MISC", - "url" : "http://www.mindflip.org/aim.html" - }, - { - "name" : "aim-http-refresh-functions(9616)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9616.php" - }, - { - "name" : "5246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV=\"refresh\" tag to an aim: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aim-http-refresh-functions(9616)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9616.php" + }, + { + "name": "http://www.mindflip.org/aim.html", + "refsource": "MISC", + "url": "http://www.mindflip.org/aim.html" + }, + { + "name": "20020716 AIM forced behavior \"issue\"", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/282443" + }, + { + "name": "5246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5246" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0476.json b/2005/0xxx/CVE-2005-0476.json index c2efc0a1fe2..7223d29cc65 100644 --- a/2005/0xxx/CVE-2005-0476.json +++ b/2005/0xxx/CVE-2005-0476.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050217 hpm_guestbook.cgi JavaScript-Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110869187805397&w=2" - }, - { - "name" : "hpm-guestbook-xss(19372)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050217 hpm_guestbook.cgi JavaScript-Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110869187805397&w=2" + }, + { + "name": "hpm-guestbook-xss(19372)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19372" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1037.json b/2005/1xxx/CVE-2005-1037.json index 42606b3570e..94d0760e18b 100644 --- a/2005/1xxx/CVE-2005-1037.json +++ b/2005/1xxx/CVE-2005-1037.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY68825", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY68825&apar=only" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en" - }, - { - "name" : "14856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY68825", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY68825&apar=only" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en" + }, + { + "name": "14856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14856" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1300.json b/2005/1xxx/CVE-2005-1300.json index 1f4eca4d3e6..3e37c300ca8 100644 --- a/2005/1xxx/CVE-2005-1300.json +++ b/2005/1xxx/CVE-2005-1300.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050425 remote command execution in inserter.cgi script", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111444807013846&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050425 remote command execution in inserter.cgi script", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111444807013846&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1344.json b/2005/1xxx/CVE-2005-1344.json index 02c30453929..55ead9b4f3c 100644 --- a/2005/1xxx/CVE-2005-1344.json +++ b/2005/1xxx/CVE-2005-1344.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.lucaercoli.it/advs/htdigest.txt", - "refsource" : "MISC", - "url" : "http://www.lucaercoli.it/advs/htdigest.txt" - }, - { - "name" : "APPLE-SA-2005-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "http://www.securiteam.com/unixfocus/5EP061FEKC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5EP061FEKC.html" - }, - { - "name" : "13537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13537" - }, - { - "name" : "12848", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-05-03", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" + }, + { + "name": "http://www.lucaercoli.it/advs/htdigest.txt", + "refsource": "MISC", + "url": "http://www.lucaercoli.it/advs/htdigest.txt" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "12848", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12848" + }, + { + "name": "http://www.securiteam.com/unixfocus/5EP061FEKC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5EP061FEKC.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "13537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13537" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1771.json b/2005/1xxx/CVE-2005-1771.json index cf5e664fcf3..4790a7d5909 100644 --- a/2005/1xxx/CVE-2005-1771.json +++ b/2005/1xxx/CVE-2005-1771.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX01165", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=111713178014478&w=2" - }, - { - "name" : "SSRT5899", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=111713178014478&w=2" - }, - { - "name" : "1014060", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1014060", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014060" + }, + { + "name": "HPSBUX01165", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=111713178014478&w=2" + }, + { + "name": "SSRT5899", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=111713178014478&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1976.json b/2005/1xxx/CVE-2005-1976.json index 87d5800f713..c9368b2a20c 100644 --- a/2005/1xxx/CVE-2005-1976.json +++ b/2005/1xxx/CVE-2005-1976.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm" - }, - { - "name" : "14005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14005" - }, - { - "name" : "17456", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17456" - }, - { - "name" : "1014251", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014251" - }, - { - "name" : "15763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14005" + }, + { + "name": "15763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15763" + }, + { + "name": "17456", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17456" + }, + { + "name": "1014251", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014251" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4138.json b/2005/4xxx/CVE-2005-4138.json index f4738161186..2e76f0378c6 100644 --- a/2005/4xxx/CVE-2005-4138.json +++ b/2005/4xxx/CVE-2005-4138.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051207 BUGTRAQ:20051207 [KAPDA::#15] - ThWboard multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418837/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-149.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-149.html" - }, - { - "name" : "15763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kapda.ir/advisory-149.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-149.html" + }, + { + "name": "15763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15763" + }, + { + "name": "20051207 BUGTRAQ:20051207 [KAPDA::#15] - ThWboard multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418837/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4444.json b/2005/4xxx/CVE-2005-4444.json index 025b37ab537..573eb0a2b54 100644 --- a/2005/4xxx/CVE-2005-4444.json +++ b/2005/4xxx/CVE-2005-4444.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051220 Secunia Research: Pegasus Mail Buffer Overflow and Off-by-OneVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419908/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2005-61/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2005-61/advisory/" - }, - { - "name" : "http://www.pmail.com/newsflash.htm#secunia", - "refsource" : "CONFIRM", - "url" : "http://www.pmail.com/newsflash.htm#secunia" - }, - { - "name" : "15973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15973" - }, - { - "name" : "ADV-2005-3004", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3004" - }, - { - "name" : "21842", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21842" - }, - { - "name" : "1015385", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015385" - }, - { - "name" : "17992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21842", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21842" + }, + { + "name": "ADV-2005-3004", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3004" + }, + { + "name": "http://secunia.com/secunia_research/2005-61/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2005-61/advisory/" + }, + { + "name": "20051220 Secunia Research: Pegasus Mail Buffer Overflow and Off-by-OneVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419908/100/0/threaded" + }, + { + "name": "1015385", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015385" + }, + { + "name": "17992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17992" + }, + { + "name": "15973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15973" + }, + { + "name": "http://www.pmail.com/newsflash.htm#secunia", + "refsource": "CONFIRM", + "url": "http://www.pmail.com/newsflash.htm#secunia" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4666.json b/2005/4xxx/CVE-2005-4666.json index 4bbbd33444e..6fb6956de7d 100644 --- a/2005/4xxx/CVE-2005-4666.json +++ b/2005/4xxx/CVE-2005-4666.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phlymail.de/forum/viewtopic.php?t=842", - "refsource" : "CONFIRM", - "url" : "http://phlymail.de/forum/viewtopic.php?t=842" - }, - { - "name" : "16310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16310" - }, - { - "name" : "ADV-2006-0261", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0261" - }, - { - "name" : "20975", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20975" - }, - { - "name" : "18536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18536" - }, - { - "name" : "phlymail-unknown-xss(24237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20975", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20975" + }, + { + "name": "phlymail-unknown-xss(24237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24237" + }, + { + "name": "16310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16310" + }, + { + "name": "18536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18536" + }, + { + "name": "ADV-2006-0261", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0261" + }, + { + "name": "http://phlymail.de/forum/viewtopic.php?t=842", + "refsource": "CONFIRM", + "url": "http://phlymail.de/forum/viewtopic.php?t=842" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4832.json b/2005/4xxx/CVE-2005-4832.json index 45e932264b6..427c427ffa1 100644 --- a/2005/4xxx/CVE-2005-4832.json +++ b/2005/4xxx/CVE-2005-4832.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/396133" - }, - { - "name" : "20050711 Re: Problems with the Oracle Critical Patch Update for April 2005", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/404970" - }, - { - "name" : "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html", - "refsource" : "MISC", - "url" : "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html" - }, - { - "name" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt", - "refsource" : "MISC", - "url" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt" - }, - { - "name" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql", - "refsource" : "MISC", - "url" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" - }, - { - "name" : "13236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13236" - }, - { - "name" : "oracle-subscriptionname-sql-injection(20159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/396133" + }, + { + "name": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql", + "refsource": "MISC", + "url": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql" + }, + { + "name": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt", + "refsource": "MISC", + "url": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt" + }, + { + "name": "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html", + "refsource": "MISC", + "url": "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html" + }, + { + "name": "20050711 Re: Problems with the Oracle Critical Patch Update for April 2005", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/404970" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" + }, + { + "name": "13236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13236" + }, + { + "name": "oracle-subscriptionname-sql-injection(20159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20159" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4855.json b/2005/4xxx/CVE-2005-4855.json index 33956911991..091e301dee6 100644 --- a/2005/4xxx/CVE-2005-4855.json +++ b/2005/4xxx/CVE-2005-4855.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0" - }, - { - "name" : "http://issues.ez.no/5984", - "refsource" : "CONFIRM", - "url" : "http://issues.ez.no/5984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0" + }, + { + "name": "http://issues.ez.no/5984", + "refsource": "CONFIRM", + "url": "http://issues.ez.no/5984" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4874.json b/2005/4xxx/CVE-2005-4874.json index efa6a269f18..4aa2fb31d37 100644 --- a/2005/4xxx/CVE-2005-4874.json +++ b/2005/4xxx/CVE-2005-4874.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=297078" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=302489" - }, - { - "name" : "mozilla-xmlhttprequest-info-disclosure(41553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078" + }, + { + "name": "mozilla-xmlhttprequest-info-disclosure(41553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0282.json b/2009/0xxx/CVE-2009-0282.json index 7505fc9327d..a6a799d3c03 100644 --- a/2009/0xxx/CVE-2009-0282.json +++ b/2009/0xxx/CVE-2009-0282.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090118 Ralinktech wireless cards drivers vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500168/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995" - }, - { - "name" : "DSA-1712", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1712" - }, - { - "name" : "DSA-1713", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1713" - }, - { - "name" : "DSA-1714", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1714" - }, - { - "name" : "GLSA-200907-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200907-08.xml" - }, - { - "name" : "33340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33340" - }, - { - "name" : "33592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33592" - }, - { - "name" : "33699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33699" - }, - { - "name" : "35743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33592" + }, + { + "name": "20090118 Ralinktech wireless cards drivers vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500168/100/0/threaded" + }, + { + "name": "DSA-1714", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1714" + }, + { + "name": "33340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33340" + }, + { + "name": "DSA-1712", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1712" + }, + { + "name": "DSA-1713", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1713" + }, + { + "name": "33699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33699" + }, + { + "name": "35743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35743" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995" + }, + { + "name": "GLSA-200907-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200907-08.xml" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0310.json b/2009/0xxx/CVE-2009-0310.json index 3557022bd29..e1f81984944 100644 --- a/2009/0xxx/CVE-2009-0310.json +++ b/2009/0xxx/CVE-2009-0310.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to \"incoming data and authentication-strings.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "33794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33794" - }, - { - "name" : "suse-blinux-bo(48797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to \"incoming data and authentication-strings.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33794" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "suse-blinux-bo(48797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48797" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0414.json b/2009/0xxx/CVE-2009-0414.json index 7ddcb247afe..14b5b5f1560 100644 --- a/2009/0xxx/CVE-2009-0414.json +++ b/2009/0xxx/CVE-2009-0414.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20090122 Tor 0.2.0.33 is released", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jan-2009/msg00000.html" - }, - { - "name" : "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released" - }, - { - "name" : "FEDORA-2009-0897", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00902.html" - }, - { - "name" : "GLSA-200904-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200904-11.xml" - }, - { - "name" : "33399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33399" - }, - { - "name" : "34583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34583" - }, - { - "name" : "ADV-2009-0210", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0210" - }, - { - "name" : "1021633", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021633" - }, - { - "name" : "33635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33635" - }, - { - "name" : "33677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0210", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0210" + }, + { + "name": "34583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34583" + }, + { + "name": "[or-announce] 20090122 Tor 0.2.0.33 is released", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jan-2009/msg00000.html" + }, + { + "name": "33677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33677" + }, + { + "name": "FEDORA-2009-0897", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00902.html" + }, + { + "name": "33399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33399" + }, + { + "name": "33635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33635" + }, + { + "name": "GLSA-200904-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200904-11.xml" + }, + { + "name": "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released" + }, + { + "name": "1021633", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021633" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0544.json b/2009/0xxx/CVE-2009-0544.json index 7abc66bebba..88ebd0ba829 100644 --- a/2009/0xxx/CVE-2009-0544.json +++ b/2009/0xxx/CVE-2009-0544.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090207 CVE Request: pycrypto", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/07/1" - }, - { - "name" : "[oss-security] 20090212 Re: CVE Request: pycrypto", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/02/12/5" - }, - { - "name" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b", - "refsource" : "CONFIRM", - "url" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b" - }, - { - "name" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d", - "refsource" : "CONFIRM", - "url" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d" - }, - { - "name" : "GLSA-200903-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml" - }, - { - "name" : "MDVSA-2009:049", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:049" - }, - { - "name" : "MDVSA-2009:050", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:050" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "33674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33674" - }, - { - "name" : "34199", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34199" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "pycrypto-arc2module-bo(48617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:050", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:050" + }, + { + "name": "pycrypto-arc2module-bo(48617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48617" + }, + { + "name": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b", + "refsource": "CONFIRM", + "url": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b" + }, + { + "name": "MDVSA-2009:049", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:049" + }, + { + "name": "[oss-security] 20090207 CVE Request: pycrypto", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/07/1" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d", + "refsource": "CONFIRM", + "url": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d" + }, + { + "name": "34199", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34199" + }, + { + "name": "33674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33674" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "[oss-security] 20090212 Re: CVE Request: pycrypto", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/02/12/5" + }, + { + "name": "GLSA-200903-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0565.json b/2009/0xxx/CVE-2009-0565.json index bfd8b2fbede..35d9207c6f6 100644 --- a/2009/0xxx/CVE-2009-0565.json +++ b/2009/0xxx/CVE-2009-0565.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-0565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-027", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027" - }, - { - "name" : "TA09-160A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" - }, - { - "name" : "35190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35190" - }, - { - "name" : "54960", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54960" - }, - { - "name" : "oval:org.mitre.oval:def:6334", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334" - }, - { - "name" : "1022356", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022356" - }, - { - "name" : "8206", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8206" - }, - { - "name" : "ADV-2009-1546", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54960", + "refsource": "OSVDB", + "url": "http://osvdb.org/54960" + }, + { + "name": "8206", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8206" + }, + { + "name": "TA09-160A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" + }, + { + "name": "1022356", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022356" + }, + { + "name": "oval:org.mitre.oval:def:6334", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334" + }, + { + "name": "MS09-027", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027" + }, + { + "name": "ADV-2009-1546", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1546" + }, + { + "name": "35190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35190" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0679.json b/2009/0xxx/CVE-2009-0679.json index b60026d65bb..d65febc4da0 100644 --- a/2009/0xxx/CVE-2009-0679.json +++ b/2009/0xxx/CVE-2009-0679.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ravenphpscripts.com/postt17156.html", - "refsource" : "CONFIRM", - "url" : "http://ravenphpscripts.com/postt17156.html" - }, - { - "name" : "52299", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52299" - }, - { - "name" : "ravennuke-youraccount-xss(48978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ravenphpscripts.com/postt17156.html", + "refsource": "CONFIRM", + "url": "http://ravenphpscripts.com/postt17156.html" + }, + { + "name": "52299", + "refsource": "OSVDB", + "url": "http://osvdb.org/52299" + }, + { + "name": "ravennuke-youraccount-xss(48978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48978" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0809.json b/2009/0xxx/CVE-2009-0809.json index e79efb5afce..da0ba59bfca 100644 --- a/2009/0xxx/CVE-2009-0809.json +++ b/2009/0xxx/CVE-2009-0809.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HD80332", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332" - }, - { - "name" : "33895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33895" - }, - { - "name" : "34037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34037" - }, - { - "name" : "ADV-2009-0525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34037" + }, + { + "name": "ADV-2009-0525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0525" + }, + { + "name": "HD80332", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332" + }, + { + "name": "33895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33895" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1064.json b/2009/1xxx/CVE-2009-1064.json index 4b0581cc479..843795ce059 100644 --- a/2009/1xxx/CVE-2009-1064.json +++ b/2009/1xxx/CVE-2009-1064.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8257", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8257" - }, - { - "name" : "http://www.waraxe.us/advisory-73.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-73.html" - }, - { - "name" : "34200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34200" - }, - { - "name" : "orbitdownloader-activex-file-deletion(49353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/advisory-73.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-73.html" + }, + { + "name": "34200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34200" + }, + { + "name": "8257", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8257" + }, + { + "name": "orbitdownloader-activex-file-deletion(49353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49353" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1143.json b/2009/1xxx/CVE-2009-1143.json index 52da69349e2..e3cc95bf883 100644 --- a/2009/1xxx/CVE-2009-1143.json +++ b/2009/1xxx/CVE-2009-1143.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1143", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1143", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1372.json b/2009/1xxx/CVE-2009-1372.json index 22d071357c3..2827516941a 100644 --- a/2009/1xxx/CVE-2009-1372.json +++ b/2009/1xxx/CVE-2009-1372.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032", - "refsource" : "CONFIRM", - "url" : "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553" - }, - { - "name" : "http://support.apple.com/kb/HT3865", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3865" - }, - { - "name" : "APPLE-SA-2009-09-10-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" - }, - { - "name" : "MDVSA-2009:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097" - }, - { - "name" : "34446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34446" - }, - { - "name" : "53603", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53603" - }, - { - "name" : "1022028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022028" - }, - { - "name" : "34612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34612" - }, - { - "name" : "36701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36701" - }, - { - "name" : "ADV-2009-0985", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022028" + }, + { + "name": "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032" + }, + { + "name": "MDVSA-2009:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097" + }, + { + "name": "34612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34612" + }, + { + "name": "APPLE-SA-2009-09-10-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" + }, + { + "name": "ADV-2009-0985", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0985" + }, + { + "name": "34446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34446" + }, + { + "name": "http://support.apple.com/kb/HT3865", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3865" + }, + { + "name": "36701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36701" + }, + { + "name": "53603", + "refsource": "OSVDB", + "url": "http://osvdb.org/53603" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1946.json b/2009/1xxx/CVE-2009-1946.json index 0460581ee73..84a13cf6159 100644 --- a/2009/1xxx/CVE-2009-1946.json +++ b/2009/1xxx/CVE-2009-1946.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8851", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8851" - }, - { - "name" : "54832", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54832" - }, - { - "name" : "35315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35315" - }, - { - "name" : "adaptbb-latestposts-file-include(50893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8851", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8851" + }, + { + "name": "adaptbb-latestposts-file-include(50893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50893" + }, + { + "name": "54832", + "refsource": "OSVDB", + "url": "http://osvdb.org/54832" + }, + { + "name": "35315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35315" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3193.json b/2009/3xxx/CVE-2009-3193.json index 00c3e276103..e8ba30e3293 100644 --- a/2009/3xxx/CVE-2009-3193.json +++ b/2009/3xxx/CVE-2009-3193.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9534", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9534", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9534" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4810.json b/2009/4xxx/CVE-2009-4810.json index 4ffa5e0573e..bba130eba28 100644 --- a/2009/4xxx/CVE-2009-4810.json +++ b/2009/4xxx/CVE-2009-4810.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.la-samhna.de/samhain/changeset/225", - "refsource" : "CONFIRM", - "url" : "http://trac.la-samhna.de/samhain/changeset/225" - }, - { - "name" : "http://trac.la-samhna.de/samhain/ticket/150", - "refsource" : "CONFIRM", - "url" : "http://trac.la-samhna.de/samhain/ticket/150" - }, - { - "name" : "34003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34003" - }, - { - "name" : "34104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34104" + }, + { + "name": "http://trac.la-samhna.de/samhain/ticket/150", + "refsource": "CONFIRM", + "url": "http://trac.la-samhna.de/samhain/ticket/150" + }, + { + "name": "http://trac.la-samhna.de/samhain/changeset/225", + "refsource": "CONFIRM", + "url": "http://trac.la-samhna.de/samhain/changeset/225" + }, + { + "name": "34003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34003" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4949.json b/2009/4xxx/CVE-2009-4949.json index 24732dc60ae..cf0a1c46504 100644 --- a/2009/4xxx/CVE-2009-4949.json +++ b/2009/4xxx/CVE-2009-4949.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/extensions/repository/view/locator/1.2.8/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/locator/1.2.8/" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/" - }, - { - "name" : "34573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34573" + }, + { + "name": "http://typo3.org/extensions/repository/view/locator/1.2.8/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/locator/1.2.8/" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5123.json b/2009/5xxx/CVE-2009-5123.json index d4971991ae4..faacf20c064 100644 --- a/2009/5xxx/CVE-2009-5123.json +++ b/2009/5xxx/CVE-2009-5123.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2272.json b/2012/2xxx/CVE-2012-2272.json index 0a79d8054fb..81a51475715 100644 --- a/2012/2xxx/CVE-2012-2272.json +++ b/2012/2xxx/CVE-2012-2272.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2272", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2272", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2737.json b/2012/2xxx/CVE-2012-2737.json index 525b37ec524..3c90e0a70b6 100644 --- a/2012/2xxx/CVE-2012-2737.json +++ b/2012/2xxx/CVE-2012-2737.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/28/9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=832532", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=832532" - }, - { - "name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5" - }, - { - "name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69" - }, - { - "name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d" - }, - { - "name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721" - }, - { - "name" : "FEDORA-2012-10120", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083359.html" - }, - { - "name" : "openSUSE-SU-2012:0845", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15100967" - }, - { - "name" : "USN-1485-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1485-1" - }, - { - "name" : "54223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54223" - }, - { - "name" : "83398", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83398" - }, - { - "name" : "49695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49695" - }, - { - "name" : "49759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49759" - }, - { - "name" : "accountsservice-userchangeicon-info-disc(76648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54223" + }, + { + "name": "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721" + }, + { + "name": "49695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49695" + }, + { + "name": "USN-1485-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1485-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=832532", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832532" + }, + { + "name": "49759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49759" + }, + { + "name": "83398", + "refsource": "OSVDB", + "url": "http://osvdb.org/83398" + }, + { + "name": "accountsservice-userchangeicon-info-disc(76648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76648" + }, + { + "name": "openSUSE-SU-2012:0845", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15100967" + }, + { + "name": "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5" + }, + { + "name": "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69" + }, + { + "name": "[oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/28/9" + }, + { + "name": "FEDORA-2012-10120", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083359.html" + }, + { + "name": "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2829.json b/2012/2xxx/CVE-2012-2829.json index 2ee27e29f4e..06863f3399d 100644 --- a/2012/2xxx/CVE-2012-2829.json +++ b/2012/2xxx/CVE-2012-2829.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=129947", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=129947" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "openSUSE-SU-2012:0813", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15075728" - }, - { - "name" : "oval:org.mitre.oval:def:15144", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "openSUSE-SU-2012:0813", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15075728" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=129947", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=129947" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:15144", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15144" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3613.json b/2012/3xxx/CVE-2012-3613.json index 074a1de2ef3..9e9a9e7b7dd 100644 --- a/2012/3xxx/CVE-2012-3613.json +++ b/2012/3xxx/CVE-2012-3613.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85407", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85407" - }, - { - "name" : "oval:org.mitre.oval:def:17224", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17224" - }, - { - "name" : "apple-itunes-webkit-cve20123613(78523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "85407", + "refsource": "OSVDB", + "url": "http://osvdb.org/85407" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "oval:org.mitre.oval:def:17224", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17224" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "apple-itunes-webkit-cve20123613(78523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78523" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3906.json b/2012/3xxx/CVE-2012-3906.json index 44c2083d6a4..76daec0d5d2 100644 --- a/2012/3xxx/CVE-2012-3906.json +++ b/2012/3xxx/CVE-2012-3906.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3906", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3906", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6138.json b/2012/6xxx/CVE-2012-6138.json index 3ff4dee7778..dd85f3e4012 100644 --- a/2012/6xxx/CVE-2012-6138.json +++ b/2012/6xxx/CVE-2012-6138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6138", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, CVE-2012-6549. Reason: This candidate is a duplicate of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549. Notes: All CVE users should reference one or more of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6138", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, CVE-2012-6549. Reason: This candidate is a duplicate of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549. Notes: All CVE users should reference one or more of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6444.json b/2012/6xxx/CVE-2012-6444.json index b3d2a289d7c..88cfa12e25b 100644 --- a/2012/6xxx/CVE-2012-6444.json +++ b/2012/6xxx/CVE-2012-6444.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6444", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6444", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6558.json b/2012/6xxx/CVE-2012-6558.json index e3ab3b50fdc..eb3cfb97b7e 100644 --- a/2012/6xxx/CVE-2012-6558.json +++ b/2012/6xxx/CVE-2012-6558.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html", - "refsource" : "MISC", - "url" : "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html" - }, - { - "name" : "53618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53618" - }, - { - "name" : "49239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49239" - }, - { - "name" : "pe-explorer-pe-bo(75742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49239" + }, + { + "name": "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html", + "refsource": "MISC", + "url": "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html" + }, + { + "name": "pe-explorer-pe-bo(75742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75742" + }, + { + "name": "53618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53618" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5005.json b/2015/5xxx/CVE-2015-5005.json index dc8435f5e0b..23767e95830 100644 --- a/2015/5xxx/CVE-2015-5005.json +++ b/2015/5xxx/CVE-2015-5005.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an \"su root\" action by leveraging presence on the cluster-wide password-change list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-5005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc" - }, - { - "name" : "IV76943", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76943" - }, - { - "name" : "IV76946", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946" - }, - { - "name" : "IV77007", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV77007" - }, - { - "name" : "76948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an \"su root\" action by leveraging presence on the cluster-wide password-change list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc" + }, + { + "name": "IV76946", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946" + }, + { + "name": "76948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76948" + }, + { + "name": "IV77007", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV77007" + }, + { + "name": "IV76943", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76943" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5149.json b/2015/5xxx/CVE-2015-5149.json index eb73f87ef13..143c9ddd29d 100644 --- a/2015/5xxx/CVE-2015-5149.json +++ b/2015/5xxx/CVE-2015-5149.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37322", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37322/" - }, - { - "name" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=1501", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=1501" - }, - { - "name" : "75512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "37322", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37322/" + }, + { + "name": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=1501", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=1501" + }, + { + "name": "75512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75512" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5177.json b/2015/5xxx/CVE-2015-5177.json index 03f724a6930..a42d8c96b7d 100644 --- a/2015/5xxx/CVE-2015-5177.json +++ b/2015/5xxx/CVE-2015-5177.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251064", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251064" - }, - { - "name" : "DSA-3353", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2015/dsa-3353" - }, - { - "name" : "76635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76635" - }, - { - "name" : "1033719", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/" + }, + { + "name": "DSA-3353", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2015/dsa-3353" + }, + { + "name": "1033719", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033719" + }, + { + "name": "76635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76635" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5315.json b/2015/5xxx/CVE-2015-5315.json index 6c015e72874..38f0cba291f 100644 --- a/2015/5xxx/CVE-2015-5315.json +++ b/2015/5xxx/CVE-2015-5315.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10" - }, - { - "name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", - "refsource" : "CONFIRM", - "url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt" - }, - { - "name" : "DSA-3397", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2015/dsa-3397" - }, - { - "name" : "USN-2808-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2808-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2808-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2808-1" + }, + { + "name": "DSA-3397", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2015/dsa-3397" + }, + { + "name": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt", + "refsource": "CONFIRM", + "url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt" + }, + { + "name": "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/11/10/10" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5461.json b/2015/5xxx/CVE-2015-5461.json index 3dbe8d7d52e..d4ad171fe0b 100644 --- a/2015/5xxx/CVE-2015-5461.json +++ b/2015/5xxx/CVE-2015-5461.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150705 Open redirect vulnerability in StageShow Wordpress plugin v5.0.8", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/27" - }, - { - "name" : "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8073", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8073" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1165310/", - "refsource" : "CONFIRM", - "url" : "https://plugins.trac.wordpress.org/changeset/1165310/" - }, - { - "name" : "https://wordpress.org/plugins/stageshow/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/stageshow/changelog/" - }, - { - "name" : "75552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/stageshow/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/stageshow/changelog/" + }, + { + "name": "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html" + }, + { + "name": "20150705 Open redirect vulnerability in StageShow Wordpress plugin v5.0.8", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/27" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8073", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8073" + }, + { + "name": "75552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75552" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1165310/", + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/1165310/" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5465.json b/2015/5xxx/CVE-2015-5465.json index f3e6d1ae6a0..8a4506f0578 100644 --- a/2015/5xxx/CVE-2015-5465.json +++ b/2015/5xxx/CVE-2015-5465.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536370/100/0/threaded" - }, - { - "name" : "38054", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38054/" - }, - { - "name" : "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Sep/1" - }, - { - "name" : "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html" - }, - { - "name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt", - "refsource" : "MISC", - "url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536370/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html" + }, + { + "name": "38054", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38054/" + }, + { + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt", + "refsource": "MISC", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt" + }, + { + "name": "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Sep/1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5556.json b/2015/5xxx/CVE-2015-5556.json index 87556cc38c3..2239e813e17 100644 --- a/2015/5xxx/CVE-2015-5556.json +++ b/2015/5xxx/CVE-2015-5556.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "RHSA-2015:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76288" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" + }, + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "76288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76288" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, + { + "name": "RHSA-2015:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11465.json b/2018/11xxx/CVE-2018-11465.json index 02ab7379a86..9cb9008c2f5 100644 --- a/2018/11xxx/CVE-2018-11465.json +++ b/2018/11xxx/CVE-2018-11465.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", - "version" : { - "version_data" : [ - { - "version_value" : "SINUMERIK 808D V4.7 : All versions" - }, - { - "version_value" : "SINUMERIK 808D V4.8 : All versions" - }, - { - "version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" - }, - { - "version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" - }, - { - "version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-248: Uncaught Exception" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", + "version": { + "version_data": [ + { + "version_value": "SINUMERIK 808D V4.7 : All versions" + }, + { + "version_value": "SINUMERIK 808D V4.8 : All versions" + }, + { + "version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" + }, + { + "version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" + }, + { + "version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" - }, - { - "name" : "106185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248: Uncaught Exception" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106185" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11710.json b/2018/11xxx/CVE-2018-11710.json index 4904895108c..e7eb1f35257 100644 --- a/2018/11xxx/CVE-2018-11710.json +++ b/2018/11xxx/CVE-2018-11710.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/", - "refsource" : "CONFIRM", - "url" : "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/" - }, - { - "name" : "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150", - "refsource" : "CONFIRM", - "url" : "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/", + "refsource": "CONFIRM", + "url": "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/" + }, + { + "name": "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150", + "refsource": "CONFIRM", + "url": "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15965.json b/2018/15xxx/CVE-2018-15965.json index 2e8ae73dfca..a8d3d5d3fc4 100644 --- a/2018/15xxx/CVE-2018-15965.json +++ b/2018/15xxx/CVE-2018-15965.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ColdFusion", - "version" : { - "version_data" : [ - { - "version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of untrusted data" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ColdFusion", + "version": { + "version_data": [ + { + "version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" - }, - { - "name" : "105313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105313" - }, - { - "name" : "1041621", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of untrusted data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html" + }, + { + "name": "1041621", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041621" + }, + { + "name": "105313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105313" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3319.json b/2018/3xxx/CVE-2018-3319.json index 1a172626edd..6bcb44c2a4c 100644 --- a/2018/3xxx/CVE-2018-3319.json +++ b/2018/3xxx/CVE-2018-3319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3319", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3319", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3355.json b/2018/3xxx/CVE-2018-3355.json index 81a85ce4b0d..591f92f69ca 100644 --- a/2018/3xxx/CVE-2018-3355.json +++ b/2018/3xxx/CVE-2018-3355.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3355", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3355", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3580.json b/2018/3xxx/CVE-2018-3580.json index 5da31c48151..ec19d45726b 100644 --- a/2018/3xxx/CVE-2018-3580.json +++ b/2018/3xxx/CVE-2018-3580.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2018-3580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2018-3580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8145.json b/2018/8xxx/CVE-2018-8145.json index 4908c9feee8..7726f735ac9 100644 --- a/2018/8xxx/CVE-2018-8145.json +++ b/2018/8xxx/CVE-2018-8145.json @@ -1,188 +1,188 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - }, - { - "product_name" : "Internet Explorer 11", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value" : "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows 8.1 for 32-bit systems" - }, - { - "version_value" : "Windows 8.1 for x64-based systems" - }, - { - "version_value" : "Windows RT 8.1" - }, - { - "version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value" : "Windows Server 2012 R2" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Internet Explorer 10", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45011", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45011/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145" - }, - { - "name" : "103986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103986" - }, - { - "name" : "1040844", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145" + }, + { + "name": "45011", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45011/" + }, + { + "name": "103986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103986" + }, + { + "name": "1040844", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040844" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8171.json b/2018/8xxx/CVE-2018-8171.json index 8cf5738d483..d4409282e8c 100644 --- a/2018/8xxx/CVE-2018-8171.json +++ b/2018/8xxx/CVE-2018-8171.json @@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASP.NET", - "version" : { - "version_data" : [ - { - "version_value" : "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5" - }, - { - "version_value" : "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3" - } - ] - } - }, - { - "product_name" : "ASP.NET Core", - "version" : { - "version_data" : [ - { - "version_value" : "1.0" - }, - { - "version_value" : "1.1" - }, - { - "version_value" : "2.0" - } - ] - } - }, - { - "product_name" : "ASP.NET MVC 5.2", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Visual Studio 2013 Update 5" - }, - { - "version_value" : "Microsoft Visual Studio 2015 Update 3" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET", + "version": { + "version_data": [ + { + "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5" + }, + { + "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3" + } + ] + } + }, + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "1.0" + }, + { + "version_value": "1.1" + }, + { + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "ASP.NET MVC 5.2", + "version": { + "version_data": [ + { + "version_value": "Microsoft Visual Studio 2013 Update 5" + }, + { + "version_value": "Microsoft Visual Studio 2015 Update 3" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171" - }, - { - "name" : "104659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104659" - }, - { - "name" : "1041267", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041267", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041267" + }, + { + "name": "104659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104659" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8471.json b/2018/8xxx/CVE-2018-8471.json index 3249a2142ef..28ebb3e8fa4 100644 --- a/2018/8xxx/CVE-2018-8471.json +++ b/2018/8xxx/CVE-2018-8471.json @@ -1,151 +1,151 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2016" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "Version 1809 for 32-bit Systems" - }, - { - "version_value" : "Version 1809 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2019", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2019" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka \"Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2016" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "Version 1809 for 32-bit Systems" + }, + { + "version_value": "Version 1809 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2019" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471" - }, - { - "name" : "105800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105800" - }, - { - "name" : "1042121", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka \"Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042121", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042121" + }, + { + "name": "105800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105800" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8652.json b/2018/8xxx/CVE-2018-8652.json index 0a29ba7223b..a005b5e08ab 100644 --- a/2018/8xxx/CVE-2018-8652.json +++ b/2018/8xxx/CVE-2018-8652.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Azure Pack Rollup 13.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Azure Pack Rollup 13.1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka \"Windows Azure Pack Cross Site Scripting Vulnerability.\" This affects Windows Azure Pack Rollup 13.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Azure Pack Rollup 13.1", + "version": { + "version_data": [ + { + "version_value": "Windows Azure Pack Rollup 13.1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652" - }, - { - "name" : "106155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka \"Windows Azure Pack Cross Site Scripting Vulnerability.\" This affects Windows Azure Pack Rollup 13.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652" + }, + { + "name": "106155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106155" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8726.json b/2018/8xxx/CVE-2018-8726.json index 5576601c5f0..151e389bc6a 100644 --- a/2018/8xxx/CVE-2018-8726.json +++ b/2018/8xxx/CVE-2018-8726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file