diff --git a/2005/0xxx/CVE-2005-0161.json b/2005/0xxx/CVE-2005-0161.json index fcec587f0f8..c5185dc0cb4 100644 --- a/2005/0xxx/CVE-2005-0161.json +++ b/2005/0xxx/CVE-2005-0161.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050222 unace-1.2b multiple buffer overflows and directory traversal bugs", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html" - }, - { - "name" : "SUSE-SR:2005:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_16_sr.html" - }, - { - "name" : "12628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12628" - }, - { - "name" : "14359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14359" + }, + { + "name": "12628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12628" + }, + { + "name": "20050222 unace-1.2b multiple buffer overflows and directory traversal bugs", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html" + }, + { + "name": "SUSE-SR:2005:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_16_sr.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0681.json b/2005/0xxx/CVE-2005-0681.json index 558e310c837..e28d5f0137a 100644 --- a/2005/0xxx/CVE-2005-0681.json +++ b/2005/0xxx/CVE-2005-0681.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/securitynews/5PP0V00G1S.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5PP0V00G1S.html" - }, - { - "name" : "12743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12743" - }, - { - "name" : "14574", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14574" - }, - { - "name" : "1013380", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013380" - }, - { - "name" : "nokia-symbian-dos(19594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nokia-symbian-dos(19594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19594" + }, + { + "name": "http://www.securiteam.com/securitynews/5PP0V00G1S.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5PP0V00G1S.html" + }, + { + "name": "1013380", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013380" + }, + { + "name": "12743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12743" + }, + { + "name": "14574", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14574" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0797.json b/2005/0xxx/CVE-2005-0797.json index cc0b88006b9..78eb44e2851 100644 --- a/2005/0xxx/CVE-2005-0797.json +++ b/2005/0xxx/CVE-2005-0797.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050315 [ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111091027000721&w=2" - }, - { - "name" : "http://www.infobyte.com.ar/adv/ISR-04.html", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/adv/ISR-04.html" - }, - { - "name" : "12811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12811" - }, - { - "name" : "14607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.infobyte.com.ar/adv/ISR-04.html", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/adv/ISR-04.html" + }, + { + "name": "20050315 [ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111091027000721&w=2" + }, + { + "name": "12811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12811" + }, + { + "name": "14607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14607" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0883.json b/2005/0xxx/CVE-2005-0883.json index f51f0a23482..765052e4e59 100644 --- a/2005/0xxx/CVE-2005-0883.json +++ b/2005/0xxx/CVE-2005-0883.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12883" - }, - { - "name" : "1013516", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013516" - }, - { - "name" : "14702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14702" - }, - { - "name" : "digitalhive-basephp-xss(19803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12883" + }, + { + "name": "14702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14702" + }, + { + "name": "digitalhive-basephp-xss(19803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19803" + }, + { + "name": "1013516", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013516" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2678.json b/2005/2xxx/CVE-2005-2678.json index bf2fe97ba67..6bae6ca942d 100644 --- a/2005/2xxx/CVE-2005-2678.json +++ b/2005/2xxx/CVE-2005-2678.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050822 Remote IIS 5.x and IIS 6.0 Server Name Spoof", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=112474727903399&w=2" - }, - { - "name" : "http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html", - "refsource" : "MISC", - "url" : "http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html" - }, - { - "name" : "ADV-2005-1503", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/1503" - }, - { - "name" : "16548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html", + "refsource": "MISC", + "url": "http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html" + }, + { + "name": "ADV-2005-1503", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/1503" + }, + { + "name": "16548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16548" + }, + { + "name": "20050822 Remote IIS 5.x and IIS 6.0 Server Name Spoof", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=112474727903399&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3144.json b/2005/3xxx/CVE-2005-3144.json index 2234e41db6d..b5724d88944 100644 --- a/2005/3xxx/CVE-2005-3144.json +++ b/2005/3xxx/CVE-2005-3144.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=359700", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=359700" - }, - { - "name" : "14972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14972" - }, - { - "name" : "16975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/16975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=359700", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=359700" + }, + { + "name": "14972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14972" + }, + { + "name": "16975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/16975" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3347.json b/2005/3xxx/CVE-2005-3347.json index 1043c84e035..5f5948b3345 100644 --- a/2005/3xxx/CVE-2005-3347.json +++ b/2005/3xxx/CVE-2005-3347.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2005-3347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/416543" - }, - { - "name" : "http://www.hardened-php.net/advisory_212005.81.html", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisory_212005.81.html" - }, - { - "name" : "DSA-897", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-897" - }, - { - "name" : "DSA-898", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-898" - }, - { - "name" : "DSA-899", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-899" - }, - { - "name" : "GLSA-200511-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml" - }, - { - "name" : "MDKSA-2005:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212" - }, - { - "name" : "15414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15414" - }, - { - "name" : "15396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15396" - }, - { - "name" : "17698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17698" - }, - { - "name" : "17441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17441" - }, - { - "name" : "17570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17570" - }, - { - "name" : "17584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17584" - }, - { - "name" : "17620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17620" - }, - { - "name" : "17616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17616" - }, - { - "name" : "17643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17643" - }, - { - "name" : "phpsysinfo-registerglobal-data-manipulation(23107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17616" + }, + { + "name": "MDKSA-2005:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212" + }, + { + "name": "15396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15396" + }, + { + "name": "GLSA-200511-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml" + }, + { + "name": "15414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15414" + }, + { + "name": "17698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17698" + }, + { + "name": "DSA-898", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-898" + }, + { + "name": "17441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17441" + }, + { + "name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/416543" + }, + { + "name": "DSA-897", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-897" + }, + { + "name": "17620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17620" + }, + { + "name": "17584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17584" + }, + { + "name": "http://www.hardened-php.net/advisory_212005.81.html", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisory_212005.81.html" + }, + { + "name": "17570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17570" + }, + { + "name": "DSA-899", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-899" + }, + { + "name": "17643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17643" + }, + { + "name": "phpsysinfo-registerglobal-data-manipulation(23107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3498.json b/2005/3xxx/CVE-2005-3498.json index 23f43a8f609..0d78bdd7658 100644 --- a/2005/3xxx/CVE-2005-3498.json +++ b/2005/3xxx/CVE-2005-3498.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980" - }, - { - "name" : "PK11017", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24010781" - }, - { - "name" : "15303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15303" - }, - { - "name" : "ADV-2005-2291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2291" - }, - { - "name" : "1015134", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980" + }, + { + "name": "15303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15303" + }, + { + "name": "1015134", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015134" + }, + { + "name": "PK11017", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24010781" + }, + { + "name": "ADV-2005-2291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2291" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4139.json b/2005/4xxx/CVE-2005-4139.json index 8baa95037bf..a4b92bdf7eb 100644 --- a/2005/4xxx/CVE-2005-4139.json +++ b/2005/4xxx/CVE-2005-4139.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051207 [KAPDA::#15] - ThWboard multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/418837/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-149.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-149.html" - }, - { - "name" : "15763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15763" - }, - { - "name" : "21737", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21737" - }, - { - "name" : "21738", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21738" - }, - { - "name" : "21739", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21739" - }, - { - "name" : "238", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/238" - }, - { - "name" : "thwboard-multiple-scripts-sql-injection(23531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kapda.ir/advisory-149.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-149.html" + }, + { + "name": "238", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/238" + }, + { + "name": "20051207 [KAPDA::#15] - ThWboard multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/418837/100/0/threaded" + }, + { + "name": "21738", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21738" + }, + { + "name": "thwboard-multiple-scripts-sql-injection(23531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23531" + }, + { + "name": "21737", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21737" + }, + { + "name": "15763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15763" + }, + { + "name": "21739", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21739" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4319.json b/2005/4xxx/CVE-2005-4319.json index 639ab69e13a..fe743e14599 100644 --- a/2005/4xxx/CVE-2005-4319.json +++ b/2005/4xxx/CVE-2005-4319.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via \"..\" sequences in the option parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/419470/100/0/threaded" - }, - { - "name" : "http://rgod.altervista.org/limbo1042_xpl.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/limbo1042_xpl.html" - }, - { - "name" : "15871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15871/" - }, - { - "name" : "ADV-2005-2932", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2932" - }, - { - "name" : "21755", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21755" - }, - { - "name" : "1015364", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015364" - }, - { - "name" : "18063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18063/" - }, - { - "name" : "255", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via \"..\" sequences in the option parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18063/" + }, + { + "name": "1015364", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015364" + }, + { + "name": "http://rgod.altervista.org/limbo1042_xpl.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/limbo1042_xpl.html" + }, + { + "name": "255", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/255" + }, + { + "name": "21755", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21755" + }, + { + "name": "15871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15871/" + }, + { + "name": "20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/419470/100/0/threaded" + }, + { + "name": "ADV-2005-2932", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2932" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4439.json b/2005/4xxx/CVE-2005-4439.json index f8b1891f2b1..e7722520040 100644 --- a/2005/4xxx/CVE-2005-4439.json +++ b/2005/4xxx/CVE-2005-4439.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051219 elogd 2.6.0 overflow", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113498708213563&w=2" - }, - { - "name" : "DSA-967", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-967" - }, - { - "name" : "15932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15932" - }, - { - "name" : "ADV-2005-3000", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3000" - }, - { - "name" : "21844", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/21844" - }, - { - "name" : "1015379", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015379" - }, - { - "name" : "18124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18124" - }, - { - "name" : "18783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18783" - }, - { - "name" : "elog-cmd-mode-bo(24703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24703" - }, - { - "name" : "elogd-http-request-bo(23838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18124" + }, + { + "name": "elog-cmd-mode-bo(24703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24703" + }, + { + "name": "elogd-http-request-bo(23838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23838" + }, + { + "name": "18783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18783" + }, + { + "name": "21844", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/21844" + }, + { + "name": "ADV-2005-3000", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3000" + }, + { + "name": "20051219 elogd 2.6.0 overflow", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113498708213563&w=2" + }, + { + "name": "1015379", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015379" + }, + { + "name": "15932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15932" + }, + { + "name": "DSA-967", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-967" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4778.json b/2005/4xxx/CVE-2005-4778.json index 9c1b53afb92..0ecdb7a1420 100644 --- a/2005/4xxx/CVE-2005-4778.json +++ b/2005/4xxx/CVE-2005-4778.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified \"configuration problem,\" which allows local users to suspend the computer and possibly perform certain other unauthorized actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2005:022", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2005-Oct/0002.html" - }, - { - "name" : "15042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified \"configuration problem,\" which allows local users to suspend the computer and possibly perform certain other unauthorized actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SR:2005:022", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2005-Oct/0002.html" + }, + { + "name": "15042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15042" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0305.json b/2009/0xxx/CVE-2009-0305.json index 391f8fd771a..ac172569e25 100644 --- a/2009/0xxx/CVE-2009-0305.json +++ b/2009/0xxx/CVE-2009-0305.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blackberry.com/btsc/KB16248", - "refsource" : "CONFIRM", - "url" : "http://blackberry.com/btsc/KB16248" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/960715.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/960715.mspx" - }, - { - "name" : "VU#131100", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/131100" - }, - { - "name" : "33663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33663" - }, - { - "name" : "51833", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51833" - }, - { - "name" : "33847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33663" + }, + { + "name": "33847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33847" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/960715.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/960715.mspx" + }, + { + "name": "VU#131100", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/131100" + }, + { + "name": "51833", + "refsource": "OSVDB", + "url": "http://osvdb.org/51833" + }, + { + "name": "http://blackberry.com/btsc/KB16248", + "refsource": "CONFIRM", + "url": "http://blackberry.com/btsc/KB16248" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0791.json b/2009/0xxx/CVE-2009-0791.json index f60768b2b24..561e3109b3b 100644 --- a/2009/0xxx/CVE-2009-0791.json +++ b/2009/0xxx/CVE-2009-0791.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=491840", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=491840" - }, - { - "name" : "MDVSA-2009:334", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" - }, - { - "name" : "RHSA-2009:1083", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1083.html" - }, - { - "name" : "RHSA-2009:1500", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1500.html" - }, - { - "name" : "RHSA-2009:1501", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1501.html" - }, - { - "name" : "RHSA-2009:1502", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1502.html" - }, - { - "name" : "RHSA-2009:1503", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1503.html" - }, - { - "name" : "RHSA-2009:1512", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-1512.html" - }, - { - "name" : "SUSE-SR:2009:012", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" - }, - { - "name" : "35195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35195" - }, - { - "name" : "oval:org.mitre.oval:def:10534", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534" - }, - { - "name" : "1022326", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022326" - }, - { - "name" : "35340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35340" - }, - { - "name" : "35685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35685" - }, - { - "name" : "37023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37023" - }, - { - "name" : "37028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37028" - }, - { - "name" : "37037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37037" - }, - { - "name" : "37043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37043" - }, - { - "name" : "37077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37077" - }, - { - "name" : "37079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37079" - }, - { - "name" : "ADV-2009-1488", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1488" - }, - { - "name" : "ADV-2009-2928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2928" - }, - { - "name" : "cups-pdftops-filter-bo(50941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022326", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022326" + }, + { + "name": "oval:org.mitre.oval:def:10534", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10534" + }, + { + "name": "35195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35195" + }, + { + "name": "37028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37028" + }, + { + "name": "35340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35340" + }, + { + "name": "RHSA-2009:1501", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html" + }, + { + "name": "37079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37079" + }, + { + "name": "ADV-2009-1488", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1488" + }, + { + "name": "RHSA-2009:1512", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html" + }, + { + "name": "37077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37077" + }, + { + "name": "RHSA-2009:1503", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html" + }, + { + "name": "cups-pdftops-filter-bo(50941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50941" + }, + { + "name": "37037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37037" + }, + { + "name": "RHSA-2009:1502", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html" + }, + { + "name": "RHSA-2009:1500", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html" + }, + { + "name": "ADV-2009-2928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2928" + }, + { + "name": "37023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37023" + }, + { + "name": "35685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35685" + }, + { + "name": "SUSE-SR:2009:012", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" + }, + { + "name": "37043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37043" + }, + { + "name": "RHSA-2009:1083", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1083.html" + }, + { + "name": "MDVSA-2009:334", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=491840", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491840" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3093.json b/2009/3xxx/CVE-2009-3093.json index fb4b3271cbd..1e62ccd4403 100644 --- a/2009/3xxx/CVE-2009-3093.json +++ b/2009/3xxx/CVE-2009-3093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://intevydis.com/vd-list.shtml", - "refsource" : "MISC", - "url" : "http://intevydis.com/vd-list.shtml" - }, - { - "name" : "36236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36236" - }, - { - "name" : "36439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36439" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36439" + }, + { + "name": "36236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36236" + }, + { + "name": "http://intevydis.com/vd-list.shtml", + "refsource": "MISC", + "url": "http://intevydis.com/vd-list.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3451.json b/2009/3xxx/CVE-2009-3451.json index 9448afb1517..fcd5a3a7c0e 100644 --- a/2009/3xxx/CVE-2009-3451.json +++ b/2009/3xxx/CVE-2009-3451.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090917 SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506555/100/0/threaded" - }, - { - "name" : "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt" - }, - { - "name" : "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339", - "refsource" : "CONFIRM", - "url" : "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339" - }, - { - "name" : "58196", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/58196" - }, - { - "name" : "23807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090917 SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506555/100/0/threaded" + }, + { + "name": "23807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23807" + }, + { + "name": "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339", + "refsource": "CONFIRM", + "url": "http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339" + }, + { + "name": "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt" + }, + { + "name": "58196", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/58196" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3829.json b/2009/3xxx/CVE-2009-3829.json index 06159a3c928..26504107e8c 100644 --- a/2009/3xxx/CVE-2009-3829.json +++ b/2009/3xxx/CVE-2009-3829.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an \"unsigned integer wrap vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?view=markup&pathrev=29364", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?view=markup&pathrev=29364" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849" - }, - { - "name" : "DSA-1942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1942" - }, - { - "name" : "VU#676492", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/676492" - }, - { - "name" : "oval:org.mitre.oval:def:5979", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5979" - }, - { - "name" : "oval:org.mitre.oval:def:9945", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9945" - }, - { - "name" : "37409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37409" - }, - { - "name" : "37477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an \"unsigned integer wrap vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5979", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5979" + }, + { + "name": "37477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37477" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?view=markup&pathrev=29364", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?view=markup&pathrev=29364" + }, + { + "name": "37409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37409" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849" + }, + { + "name": "oval:org.mitre.oval:def:9945", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9945" + }, + { + "name": "DSA-1942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1942" + }, + { + "name": "VU#676492", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/676492" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4239.json b/2009/4xxx/CVE-2009-4239.json index 51bc94bf9d0..f66bf37dcf9 100644 --- a/2009/4xxx/CVE-2009-4239.json +++ b/2009/4xxx/CVE-2009-4239.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21406224", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21406224" - }, - { - "name" : "JR32573", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32573" - }, - { - "name" : "37246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37246" - }, - { - "name" : "60806", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/60806" - }, - { - "name" : "37556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37556" - }, - { - "name" : "ADV-2009-3432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3432" - }, - { - "name" : "ibm-iis-unspecified-xss(54608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21406224", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21406224" + }, + { + "name": "ADV-2009-3432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3432" + }, + { + "name": "ibm-iis-unspecified-xss(54608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54608" + }, + { + "name": "37246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37246" + }, + { + "name": "JR32573", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR32573" + }, + { + "name": "37556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37556" + }, + { + "name": "60806", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/60806" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4377.json b/2009/4xxx/CVE-2009-4377.json index d1820fa56eb..1a21fbe6c9a 100644 --- a/2009/4xxx/CVE-2009-4377.json +++ b/2009/4xxx/CVE-2009-4377.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2009-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2009-09.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301" - }, - { - "name" : "DSA-1983", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1983" - }, - { - "name" : "FEDORA-2009-13592", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html" - }, - { - "name" : "MDVSA-2010:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031" - }, - { - "name" : "37407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37407" - }, - { - "name" : "61178", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/61178" - }, - { - "name" : "oval:org.mitre.oval:def:9564", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564" - }, - { - "name" : "1023374", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023374" - }, - { - "name" : "37842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37842" - }, - { - "name" : "37916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37916" - }, - { - "name" : "ADV-2009-3596", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61178", + "refsource": "OSVDB", + "url": "http://osvdb.org/61178" + }, + { + "name": "DSA-1983", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1983" + }, + { + "name": "oval:org.mitre.oval:def:9564", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564" + }, + { + "name": "37916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37916" + }, + { + "name": "37842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37842" + }, + { + "name": "ADV-2009-3596", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3596" + }, + { + "name": "FEDORA-2009-13592", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html" + }, + { + "name": "37407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37407" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301" + }, + { + "name": "1023374", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023374" + }, + { + "name": "MDVSA-2010:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2009-09.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4702.json b/2009/4xxx/CVE-2009-4702.json index 5724ac4f195..ed12ed78e8f 100644 --- a/2009/4xxx/CVE-2009-4702.json +++ b/2009/4xxx/CVE-2009-4702.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4723.json b/2009/4xxx/CVE-2009-4723.json index e8e381f87eb..82e10a75a1a 100644 --- a/2009/4xxx/CVE-2009-4723.json +++ b/2009/4xxx/CVE-2009-4723.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9333", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9333" - }, - { - "name" : "ADV-2009-2125", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9333", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9333" + }, + { + "name": "ADV-2009-2125", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2125" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2679.json b/2012/2xxx/CVE-2012-2679.json index 2289ae7223d..5227375373d 100644 --- a/2012/2xxx/CVE-2012-2679.json +++ b/2012/2xxx/CVE-2012-2679.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=825275", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=825275" - }, - { - "name" : "RHSA-2012:1369", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1369.html" - }, - { - "name" : "55934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55934" - }, - { - "name" : "1027661", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027661" - }, - { - "name" : "50978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50978" - }, - { - "name" : "netconfclient-rhncfgactions-info-disclosure(79260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=825275", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=825275" + }, + { + "name": "50978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50978" + }, + { + "name": "55934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55934" + }, + { + "name": "1027661", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027661" + }, + { + "name": "netconfclient-rhncfgactions-info-disclosure(79260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79260" + }, + { + "name": "RHSA-2012:1369", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1369.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0225.json b/2015/0xxx/CVE-2015-0225.json index 58b65f325c4..b13808811e7 100644 --- a/2015/0xxx/CVE-2015-0225.json +++ b/2015/0xxx/CVE-2015-0225.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-0225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535154/100/0/threaded" - }, - { - "name" : "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html" - }, - { - "name" : "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html" - }, - { - "name" : "RHSA-2015:1947", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1947.html" - }, - { - "name" : "73478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73478" - }, - { - "name" : "1034002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html" + }, + { + "name": "RHSA-2015:1947", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html" + }, + { + "name": "73478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73478" + }, + { + "name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html" + }, + { + "name": "1034002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034002" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0483.json b/2015/0xxx/CVE-2015-0483.json index 2e654e4e70f..b18143af6b1 100644 --- a/2015/0xxx/CVE-2015-0483.json +++ b/2015/0xxx/CVE-2015-0483.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2015-0483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" - }, - { - "name" : "1032118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" + }, + { + "name": "1032118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032118" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0565.json b/2015/0xxx/CVE-2015-0565.json index d510e0e4f2f..f7db1bca11e 100644 --- a/2015/0xxx/CVE-2015-0565.json +++ b/2015/0xxx/CVE-2015-0565.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0565", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0565", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0852.json b/2015/0xxx/CVE-2015-0852.json index b4c930180cb..16d7e99cd9e 100644 --- a/2015/0xxx/CVE-2015-0852.json +++ b/2015/0xxx/CVE-2015-0852.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2015-0852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150828 CVE-2015-0852 [FreeImage] Integer overflow in PluginPCX.cpp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2015/08/28/1" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-3392", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3392" - }, - { - "name" : "FEDORA-2015-16106", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html" - }, - { - "name" : "FEDORA-2015-992342e82f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html" - }, - { - "name" : "FEDORA-2015-decbab7c9f", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html" - }, - { - "name" : "FEDORA-2015-16104", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html" - }, - { - "name" : "FEDORA-2015-16105", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html" - }, - { - "name" : "GLSA-201701-68", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-68" - }, - { - "name" : "1034077", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034077", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034077" + }, + { + "name": "FEDORA-2015-16105", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "FEDORA-2015-decbab7c9f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html" + }, + { + "name": "DSA-3392", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3392" + }, + { + "name": "FEDORA-2015-992342e82f", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html" + }, + { + "name": "FEDORA-2015-16104", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html" + }, + { + "name": "[oss-security] 20150828 CVE-2015-0852 [FreeImage] Integer overflow in PluginPCX.cpp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2015/08/28/1" + }, + { + "name": "FEDORA-2015-16106", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165" + }, + { + "name": "GLSA-201701-68", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-68" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1063.json b/2015/1xxx/CVE-2015-1063.json index dadf4f2606b..9f692d9dc5b 100644 --- a/2015/1xxx/CVE-2015-1063.json +++ b/2015/1xxx/CVE-2015-1063.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204423", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204423" - }, - { - "name" : "APPLE-SA-2015-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html" - }, - { - "name" : "1031864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html" + }, + { + "name": "1031864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031864" + }, + { + "name": "https://support.apple.com/HT204423", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204423" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1280.json b/2015/1xxx/CVE-2015-1280.json index e2ed0fdce90..bf49cdac57b 100644 --- a/2015/1xxx/CVE-2015-1280.json +++ b/2015/1xxx/CVE-2015-1280.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=486947", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=486947" - }, - { - "name" : "https://codereview.chromium.org/1151663002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1151663002" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://codereview.chromium.org/1151663002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1151663002" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=486947", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=486947" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1427.json b/2015/1xxx/CVE-2015-1427.json index e9d69522bff..1c549bc9a95 100644 --- a/2015/1xxx/CVE-2015-1427.json +++ b/2015/1xxx/CVE-2015-1427.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150211 Elasticsearch vulnerability CVE-2015-1427", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534689/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html" - }, - { - "name" : "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html" - }, - { - "name" : "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/", - "refsource" : "CONFIRM", - "url" : "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/" - }, - { - "name" : "https://www.elastic.co/community/security/", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security/" - }, - { - "name" : "RHSA-2017:0868", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0868" - }, - { - "name" : "72585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72585" - }, - { - "name" : "elasticsearch-cve20151427-command-exec(100850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150211 Elasticsearch vulnerability CVE-2015-1427", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534689/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html" + }, + { + "name": "RHSA-2017:0868", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0868" + }, + { + "name": "72585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72585" + }, + { + "name": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/", + "refsource": "CONFIRM", + "url": "http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/" + }, + { + "name": "elasticsearch-cve20151427-command-exec(100850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100850" + }, + { + "name": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html" + }, + { + "name": "https://www.elastic.co/community/security/", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security/" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1990.json b/2015/1xxx/CVE-2015-1990.json index 34bfd0b6be2..cb4e4e39707 100644 --- a/2015/1xxx/CVE-2015-1990.json +++ b/2015/1xxx/CVE-2015-1990.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1990", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1990", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/4xxx/CVE-2015-4989.json b/2015/4xxx/CVE-2015-4989.json index 93f13cd37da..699c302efe9 100644 --- a/2015/4xxx/CVE-2015-4989.json +++ b/2015/4xxx/CVE-2015-4989.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-4989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2015-4989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968866", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968866", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968866" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5319.json b/2015/5xxx/CVE-2015-5319.json index 3540219c1fe..f25773d4d00 100644 --- a/2015/5xxx/CVE-2015-5319.json +++ b/2015/5xxx/CVE-2015-5319.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" - }, - { - "name" : "RHSA-2016:0070", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2016:0070" - }, - { - "name" : "RHSA-2016:0489", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0489.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0489", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html" + }, + { + "name": "RHSA-2016:0070", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2016:0070" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5770.json b/2015/5xxx/CVE-2015-5770.json index 03502d665ad..e2a2a25a29b 100644 --- a/2015/5xxx/CVE-2015-5770.json +++ b/2015/5xxx/CVE-2015-5770.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/kb/HT205030", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT205030" - }, - { - "name" : "APPLE-SA-2015-08-13-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" - }, - { - "name" : "76337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76337" - }, - { - "name" : "1033275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/kb/HT205030", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT205030" + }, + { + "name": "1033275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033275" + }, + { + "name": "76337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76337" + }, + { + "name": "APPLE-SA-2015-08-13-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5846.json b/2015/5xxx/CVE-2015-5846.json index 8949d109bde..bf896e78ac8 100644 --- a/2015/5xxx/CVE-2015-5846.json +++ b/2015/5xxx/CVE-2015-5846.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205212", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205212" - }, - { - "name" : "https://support.apple.com/HT205213", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205213" - }, - { - "name" : "APPLE-SA-2015-09-16-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" - }, - { - "name" : "76764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76764" - }, - { - "name" : "1033609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033609" + }, + { + "name": "https://support.apple.com/HT205212", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205212" + }, + { + "name": "76764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76764" + }, + { + "name": "APPLE-SA-2015-09-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" + }, + { + "name": "https://support.apple.com/HT205213", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205213" + }, + { + "name": "APPLE-SA-2015-09-16-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5890.json b/2015/5xxx/CVE-2015-5890.json index 5f7034d1c7f..206ce049b89 100644 --- a/2015/5xxx/CVE-2015-5890.json +++ b/2015/5xxx/CVE-2015-5890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5928.json b/2015/5xxx/CVE-2015-5928.json index 88042e7daa4..114a09d3276 100644 --- a/2015/5xxx/CVE-2015-5928.json +++ b/2015/5xxx/CVE-2015-5928.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205370", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205370" - }, - { - "name" : "https://support.apple.com/HT205372", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205372" - }, - { - "name" : "https://support.apple.com/HT205377", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205377" - }, - { - "name" : "APPLE-SA-2015-10-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-10-21-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" - }, - { - "name" : "APPLE-SA-2015-10-21-5", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:0915", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" - }, - { - "name" : "USN-2937-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2937-1" - }, - { - "name" : "77267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77267" - }, - { - "name" : "1033929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-10-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html" + }, + { + "name": "77267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77267" + }, + { + "name": "https://support.apple.com/HT205370", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205370" + }, + { + "name": "https://support.apple.com/HT205372", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205372" + }, + { + "name": "openSUSE-SU-2016:0915", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" + }, + { + "name": "APPLE-SA-2015-10-21-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html" + }, + { + "name": "APPLE-SA-2015-10-21-5", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html" + }, + { + "name": "https://support.apple.com/HT205377", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205377" + }, + { + "name": "1033929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033929" + }, + { + "name": "USN-2937-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2937-1" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5985.json b/2015/5xxx/CVE-2015-5985.json index 12ba2644c05..4377c9c72b6 100644 --- a/2015/5xxx/CVE-2015-5985.json +++ b/2015/5xxx/CVE-2015-5985.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5985", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-5985", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3008.json b/2018/3xxx/CVE-2018-3008.json index 17e2a62fa2d..bcda7d0c786 100644 --- a/2018/3xxx/CVE-2018-3008.json +++ b/2018/3xxx/CVE-2018-3008.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2018-3008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2018-3008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "104841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104841" - }, - { - "name" : "1041309", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "104841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104841" + }, + { + "name": "1041309", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041309" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3942.json b/2018/3xxx/CVE-2018-3942.json index 6aa76ad386d..396f3edff2e 100644 --- a/2018/3xxx/CVE-2018-3942.json +++ b/2018/3xxx/CVE-2018-3942.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-01T00:00:00", - "ID" : "CVE-2018-3942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PDF Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-01T00:00:00", + "ID": "CVE-2018-3942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PDF Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609" - }, - { - "name" : "1041769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041769" + }, + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609" + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3947.json b/2018/3xxx/CVE-2018-3947.json index eb3cd26a39c..4ecdf5e4b20 100644 --- a/2018/3xxx/CVE-2018-3947.json +++ b/2018/3xxx/CVE-2018-3947.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-3947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yi Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" - } - ] - } - } - ] - }, - "vendor_name" : "Yi" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cleartext Transmission of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-3947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yi Technology", + "version": { + "version_data": [ + { + "version_value": "Yi Technology Home Camera 27US 1.8.7.0D" + } + ] + } + } + ] + }, + "vendor_name": "Yi" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0616", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0616", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0616" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6382.json b/2018/6xxx/CVE-2018-6382.json index e870af9e4a9..89aa92900dc 100644 --- a/2018/6xxx/CVE-2018-6382.json +++ b/2018/6xxx/CVE-2018-6382.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908", - "refsource" : "MISC", - "url" : "http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908" - }, - { - "name" : "https://mantisbt.org/bugs/view.php?id=23908", - "refsource" : "MISC", - "url" : "https://mantisbt.org/bugs/view.php?id=23908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908", + "refsource": "MISC", + "url": "http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908" + }, + { + "name": "https://mantisbt.org/bugs/view.php?id=23908", + "refsource": "MISC", + "url": "https://mantisbt.org/bugs/view.php?id=23908" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6605.json b/2018/6xxx/CVE-2018-6605.json index 5aec317e94f..45690a54275 100644 --- a/2018/6xxx/CVE-2018-6605.json +++ b/2018/6xxx/CVE-2018-6605.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43974", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43974/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43974", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43974/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7109.json b/2018/7xxx/CVE-2018-7109.json index 250a8014beb..5ce77cf1f4f 100644 --- a/2018/7xxx/CVE-2018-7109.json +++ b/2018/7xxx/CVE-2018-7109.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2018-7109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE enhanced Internet Usage Manager (eIUM)", - "version" : { - "version_data" : [ - { - "version_value" : "v9.0FP1" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Arbitrary File Modification" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2018-7109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE enhanced Internet Usage Manager (eIUM)", + "version": { + "version_data": [ + { + "version_value": "v9.0FP1" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03896en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03896en_us" - }, - { - "name" : "105422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Arbitrary File Modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105422" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03896en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03896en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7222.json b/2018/7xxx/CVE-2018-7222.json index e5e1c303324..519bf5d3cb5 100644 --- a/2018/7xxx/CVE-2018-7222.json +++ b/2018/7xxx/CVE-2018-7222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7329.json b/2018/7xxx/CVE-2018-7329.json index cf0791004c7..7b521129fd8 100644 --- a/2018/7xxx/CVE-2018-7329.json +++ b/2018/7xxx/CVE-2018-7329.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "name" : "103158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" + }, + { + "name": "103158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103158" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7458.json b/2018/7xxx/CVE-2018-7458.json index 94046f01f81..2451ab92386 100644 --- a/2018/7xxx/CVE-2018-7458.json +++ b/2018/7xxx/CVE-2018-7458.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7458", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7458", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7508.json b/2018/7xxx/CVE-2018-7508.json index c5110c78f6b..2c1e6d8aaa4 100644 --- a/2018/7xxx/CVE-2018-7508.json +++ b/2018/7xxx/CVE-2018-7508.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-7508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OSIsoft PI Web API", - "version" : { - "version_data" : [ - { - "version_value" : "OSIsoft PI Web API" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-7508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Web API", + "version": { + "version_data": [ + { + "version_value": "OSIsoft PI Web API" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04" - }, - { - "name" : "103396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103396" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7856.json b/2018/7xxx/CVE-2018-7856.json index e94a9744a32..8d862b8c913 100644 --- a/2018/7xxx/CVE-2018-7856.json +++ b/2018/7xxx/CVE-2018-7856.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7856", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7856", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8052.json b/2018/8xxx/CVE-2018-8052.json index c8acb11c6a8..18b87ea4a20 100644 --- a/2018/8xxx/CVE-2018-8052.json +++ b/2018/8xxx/CVE-2018-8052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8501.json b/2018/8xxx/CVE-2018-8501.json index 23edde66ddb..74c2f87fbf7 100644 --- a/2018/8xxx/CVE-2018-8501.json +++ b/2018/8xxx/CVE-2018-8501.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PowerPoint Viewer", - "version" : { - "version_data" : [ - { - "version_value" : "2010 32-bit edition" - } - ] - } - }, - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - }, - { - "version_value" : "2019 for 32-bit editions" - }, - { - "version_value" : "2019 for 64-bit editions" - } - ] - } - }, - { - "product_name" : "Office", - "version" : { - "version_data" : [ - { - "version_value" : "365 ProPlus for 32-bit Systems" - }, - { - "version_value" : "365 ProPlus for 64-bit Systems" - } - ] - } - }, - { - "product_name" : "Microsoft PowerPoint", - "version" : { - "version_data" : [ - { - "version_value" : "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value" : "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value" : "2013 RT Service Pack 1" - }, - { - "version_value" : "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value" : "2013 Service Pack 1 (64-bit editions)" - }, - { - "version_value" : "2016 (32-bit edition)" - }, - { - "version_value" : "2016 (64-bit edition)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerPoint Viewer", + "version": { + "version_data": [ + { + "version_value": "2010 32-bit edition" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + } + ] + } + }, + { + "product_name": "Office", + "version": { + "version_data": [ + { + "version_value": "365 ProPlus for 32-bit Systems" + }, + { + "version_value": "365 ProPlus for 64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft PowerPoint", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8501", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8501" - }, - { - "name" : "105497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105497" - }, - { - "name" : "1041838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041838" + }, + { + "name": "105497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105497" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8501", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8501" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8803.json b/2018/8xxx/CVE-2018-8803.json index bd5cc1fa272..32ea17f518e 100644 --- a/2018/8xxx/CVE-2018-8803.json +++ b/2018/8xxx/CVE-2018-8803.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8803", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8803", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file