From fe614c3a727a1ab4220a2f656b0456834d344563 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:08:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/0xxx/CVE-2005-0089.json | 230 +++++++++---------- 2005/0xxx/CVE-2005-0596.json | 130 +++++------ 2005/2xxx/CVE-2005-2130.json | 34 +-- 2005/2xxx/CVE-2005-2214.json | 140 ++++++------ 2005/2xxx/CVE-2005-2237.json | 140 ++++++------ 2005/2xxx/CVE-2005-2304.json | 130 +++++------ 2005/3xxx/CVE-2005-3280.json | 180 +++++++-------- 2005/3xxx/CVE-2005-3596.json | 170 +++++++------- 2005/3xxx/CVE-2005-3619.json | 140 ++++++------ 2005/3xxx/CVE-2005-3649.json | 170 +++++++------- 2005/3xxx/CVE-2005-3734.json | 190 ++++++++-------- 2005/4xxx/CVE-2005-4186.json | 34 +-- 2005/4xxx/CVE-2005-4350.json | 170 +++++++------- 2009/0xxx/CVE-2009-0807.json | 130 +++++------ 2009/2xxx/CVE-2009-2334.json | 250 ++++++++++---------- 2009/2xxx/CVE-2009-2346.json | 160 ++++++------- 2009/3xxx/CVE-2009-3334.json | 130 +++++------ 2009/3xxx/CVE-2009-3734.json | 160 ++++++------- 2009/3xxx/CVE-2009-3776.json | 34 +-- 2012/2xxx/CVE-2012-2161.json | 140 ++++++------ 2012/2xxx/CVE-2012-2879.json | 160 ++++++------- 2015/0xxx/CVE-2015-0190.json | 34 +-- 2015/0xxx/CVE-2015-0326.json | 240 ++++++++++---------- 2015/0xxx/CVE-2015-0787.json | 130 +++++------ 2015/0xxx/CVE-2015-0874.json | 140 ++++++------ 2015/1xxx/CVE-2015-1114.json | 170 +++++++------- 2015/1xxx/CVE-2015-1288.json | 200 ++++++++-------- 2015/1xxx/CVE-2015-1423.json | 160 ++++++------- 2015/1xxx/CVE-2015-1596.json | 120 +++++----- 2015/1xxx/CVE-2015-1671.json | 140 ++++++------ 2015/5xxx/CVE-2015-5125.json | 180 +++++++-------- 2015/5xxx/CVE-2015-5683.json | 34 +-- 2018/3xxx/CVE-2018-3107.json | 34 +-- 2018/3xxx/CVE-2018-3331.json | 34 +-- 2018/3xxx/CVE-2018-3338.json | 34 +-- 2018/3xxx/CVE-2018-3474.json | 34 +-- 2018/6xxx/CVE-2018-6019.json | 120 +++++----- 2018/6xxx/CVE-2018-6356.json | 140 ++++++------ 2018/7xxx/CVE-2018-7127.json | 34 +-- 2018/7xxx/CVE-2018-7256.json | 36 +-- 2018/7xxx/CVE-2018-7995.json | 210 ++++++++--------- 2018/8xxx/CVE-2018-8208.json | 238 +++++++++---------- 2018/8xxx/CVE-2018-8344.json | 428 +++++++++++++++++------------------ 2018/8xxx/CVE-2018-8774.json | 34 +-- 2018/8xxx/CVE-2018-8898.json | 130 +++++------ 45 files changed, 3038 insertions(+), 3038 deletions(-) diff --git a/2005/0xxx/CVE-2005-0089.json b/2005/0xxx/CVE-2005-0089.json index 35629eea73b..2f81eab6ecc 100644 --- a/2005/0xxx/CVE-2005-0089.json +++ b/2005/0xxx/CVE-2005-0089.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050203 Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110746469728728&w=2" - }, - { - "name" : "http://www.python.org/security/PSF-2005-001/", - "refsource" : "CONFIRM", - "url" : "http://www.python.org/security/PSF-2005-001/" - }, - { - "name" : "http://python.org/security/PSF-2005-001/patch-2.2.txt", - "refsource" : "CONFIRM", - "url" : "http://python.org/security/PSF-2005-001/patch-2.2.txt" - }, - { - "name" : "DSA-666", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-666" - }, - { - "name" : "MDKSA-2005:035", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:035" - }, - { - "name" : "RHSA-2005:108", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-108.html" - }, - { - "name" : "2005-0003", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2005/0003/" - }, - { - "name" : "12437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12437" - }, - { - "name" : "oval:org.mitre.oval:def:9811", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811" - }, - { - "name" : "1013083", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013083" - }, - { - "name" : "14128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14128" - }, - { - "name" : "python-simplexmlrpcserver-bypass(19217)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013083", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013083" + }, + { + "name": "python-simplexmlrpcserver-bypass(19217)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19217" + }, + { + "name": "http://www.python.org/security/PSF-2005-001/", + "refsource": "CONFIRM", + "url": "http://www.python.org/security/PSF-2005-001/" + }, + { + "name": "20050203 Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110746469728728&w=2" + }, + { + "name": "2005-0003", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2005/0003/" + }, + { + "name": "oval:org.mitre.oval:def:9811", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811" + }, + { + "name": "12437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12437" + }, + { + "name": "14128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14128" + }, + { + "name": "DSA-666", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-666" + }, + { + "name": "http://python.org/security/PSF-2005-001/patch-2.2.txt", + "refsource": "CONFIRM", + "url": "http://python.org/security/PSF-2005-001/patch-2.2.txt" + }, + { + "name": "MDKSA-2005:035", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:035" + }, + { + "name": "RHSA-2005:108", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-108.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0596.json b/2005/0xxx/CVE-2005-0596.json index 2e823c160dc..d1c41f53b65 100644 --- a/2005/0xxx/CVE-2005-0596.json +++ b/2005/0xxx/CVE-2005-0596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12665" - }, - { - "name" : "SUSE-SR:2005:006", - "refsource" : "SUSE", - "url" : "http://www.linuxcompatible.org/story42495.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12665" + }, + { + "name": "SUSE-SR:2005:006", + "refsource": "SUSE", + "url": "http://www.linuxcompatible.org/story42495.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2130.json b/2005/2xxx/CVE-2005-2130.json index abc9377a115..01a9841c54e 100644 --- a/2005/2xxx/CVE-2005-2130.json +++ b/2005/2xxx/CVE-2005-2130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2130", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2130", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2214.json b/2005/2xxx/CVE-2005-2214.json index e2ad24b9689..4a9d8b68e12 100644 --- a/2005/2xxx/CVE-2005-2214.json +++ b/2005/2xxx/CVE-2005-2214.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305142", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305142" - }, - { - "name" : "14173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14173" - }, - { - "name" : "15955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305142", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305142" + }, + { + "name": "15955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15955" + }, + { + "name": "14173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14173" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2237.json b/2005/2xxx/CVE-2005-2237.json index 29ea24eb7e1..3142b4033ee 100644 --- a/2005/2xxx/CVE-2005-2237.json +++ b/2005/2xxx/CVE-2005-2237.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.caughq.org/advisories/CAU-2005-0007.txt", - "refsource" : "MISC", - "url" : "http://www.caughq.org/advisories/CAU-2005-0007.txt" - }, - { - "name" : "13921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13921" - }, - { - "name" : "1014132", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13921" + }, + { + "name": "http://www.caughq.org/advisories/CAU-2005-0007.txt", + "refsource": "MISC", + "url": "http://www.caughq.org/advisories/CAU-2005-0007.txt" + }, + { + "name": "1014132", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014132" + } + ] + } +} \ No newline at end of file diff --git a/2005/2xxx/CVE-2005-2304.json b/2005/2xxx/CVE-2005-2304.json index a94499af214..891a9080e99 100644 --- a/2005/2xxx/CVE-2005-2304.json +++ b/2005/2xxx/CVE-2005-2304.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-2304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-2304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050716 Internet Explorer / MSN ICC Profiles Crash PoC Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/405377" - }, - { - "name" : "14288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/14288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050716 Internet Explorer / MSN ICC Profiles Crash PoC Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/405377" + }, + { + "name": "14288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/14288" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3280.json b/2005/3xxx/CVE-2005-3280.json index 3303b260bcd..1ea4ab29c73 100644 --- a/2005/3xxx/CVE-2005-3280.json +++ b/2005/3xxx/CVE-2005-3280.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Paros 3.2.5 uses a default password for the \"sa\" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zone-h.com/en/advisories/read/id=8286/", - "refsource" : "MISC", - "url" : "http://www.zone-h.com/en/advisories/read/id=8286/" - }, - { - "name" : "20060130 Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423446/100/0/threaded" - }, - { - "name" : "GLSA-200601-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-15.xml" - }, - { - "name" : "15141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15141" - }, - { - "name" : "17089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17089" - }, - { - "name" : "18626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18626" - }, - { - "name" : "paros-password-security-bypass(22557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Paros 3.2.5 uses a default password for the \"sa\" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15141" + }, + { + "name": "20060130 Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423446/100/0/threaded" + }, + { + "name": "17089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17089" + }, + { + "name": "http://www.zone-h.com/en/advisories/read/id=8286/", + "refsource": "MISC", + "url": "http://www.zone-h.com/en/advisories/read/id=8286/" + }, + { + "name": "paros-password-security-bypass(22557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22557" + }, + { + "name": "18626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18626" + }, + { + "name": "GLSA-200601-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-15.xml" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3596.json b/2005/3xxx/CVE-2005-3596.json index 50f2e6c988b..0289a88babc 100644 --- a/2005/3xxx/CVE-2005-3596.json +++ b/2005/3xxx/CVE-2005-3596.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051108 ASPKnowledgebase vulnerable to SQL-inject", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113156859811594&w=2" - }, - { - "name" : "15364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15364/" - }, - { - "name" : "ADV-2005-2375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2375" - }, - { - "name" : "20712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/20712" - }, - { - "name" : "17517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17517/" - }, - { - "name" : "aspknowledgebase-admin-bypass-security(23038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17517/" + }, + { + "name": "15364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15364/" + }, + { + "name": "aspknowledgebase-admin-bypass-security(23038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23038" + }, + { + "name": "20051108 ASPKnowledgebase vulnerable to SQL-inject", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113156859811594&w=2" + }, + { + "name": "20712", + "refsource": "OSVDB", + "url": "http://osvdb.org/20712" + }, + { + "name": "ADV-2005-2375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2375" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3619.json b/2005/3xxx/CVE-2005-3619.json index 2f68b0da85b..f036c894659 100644 --- a/2005/3xxx/CVE-2005-3619.json +++ b/2005/3xxx/CVE-2005-3619.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060601 Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435610/100/0/threaded" - }, - { - "name" : "20060601 VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435888/100/0/threaded" - }, - { - "name" : "http://www.corsaire.com/advisories/c051114-002.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c051114-002.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.corsaire.com/advisories/c051114-002.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c051114-002.txt" + }, + { + "name": "20060601 Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435610/100/0/threaded" + }, + { + "name": "20060601 VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435888/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3649.json b/2005/3xxx/CVE-2005-3649.json index 3ee399bd0ed..4ad64e07de7 100644 --- a/2005/3xxx/CVE-2005-3649.json +++ b/2005/3xxx/CVE-2005-3649.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051110 Moodle <=1.6dev blind SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=113165668814241&w=2" - }, - { - "name" : "http://rgod.altervista.org/moodle16dev.html", - "refsource" : "MISC", - "url" : "http://rgod.altervista.org/moodle16dev.html" - }, - { - "name" : "ADV-2005-2387", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2387" - }, - { - "name" : "20750", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20750" - }, - { - "name" : "17526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17526/" - }, - { - "name" : "168", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2387", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2387" + }, + { + "name": "20051110 Moodle <=1.6dev blind SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=113165668814241&w=2" + }, + { + "name": "168", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/168" + }, + { + "name": "http://rgod.altervista.org/moodle16dev.html", + "refsource": "MISC", + "url": "http://rgod.altervista.org/moodle16dev.html" + }, + { + "name": "17526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17526/" + }, + { + "name": "20750", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20750" + } + ] + } +} \ No newline at end of file diff --git a/2005/3xxx/CVE-2005-3734.json b/2005/3xxx/CVE-2005-3734.json index f8d5a4b6985..f41ab9ecbea 100644 --- a/2005/3xxx/CVE-2005-3734.json +++ b/2005/3xxx/CVE-2005-3734.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-3734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/417219/30/0/threaded" - }, - { - "name" : "http://www.trapkit.de/advisories/TKADV2005-11-004.txt", - "refsource" : "MISC", - "url" : "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" - }, - { - "name" : "http://www.phpmyfaq.de/advisory_2005-11-18.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2005-11-18.php" - }, - { - "name" : "15504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15504" - }, - { - "name" : "ADV-2005-2505", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2505" - }, - { - "name" : "20989", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/20989" - }, - { - "name" : "17649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17649" - }, - { - "name" : "196", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"add content\" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17649" + }, + { + "name": "196", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/196" + }, + { + "name": "http://www.phpmyfaq.de/advisory_2005-11-18.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2005-11-18.php" + }, + { + "name": "20989", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/20989" + }, + { + "name": "15504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15504" + }, + { + "name": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt", + "refsource": "MISC", + "url": "http://www.trapkit.de/advisories/TKADV2005-11-004.txt" + }, + { + "name": "ADV-2005-2505", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2505" + }, + { + "name": "20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/417219/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4186.json b/2005/4xxx/CVE-2005-4186.json index 750ce20d80b..b681157f710 100644 --- a/2005/4xxx/CVE-2005-4186.json +++ b/2005/4xxx/CVE-2005-4186.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4186", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4186", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/4xxx/CVE-2005-4350.json b/2005/4xxx/CVE-2005-4350.json index ebc604129f0..9ec9993fb07 100644 --- a/2005/4xxx/CVE-2005-4350.json +++ b/2005/4xxx/CVE-2005-4350.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-4350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-4350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02088", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373" - }, - { - "name" : "SSRT051026", - "refsource" : "HP", - "url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373" - }, - { - "name" : "15930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15930" - }, - { - "name" : "ADV-2005-3001", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/3001" - }, - { - "name" : "1015377", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2005/Dec/1015377.html" - }, - { - "name" : "18160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT051026", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373" + }, + { + "name": "15930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15930" + }, + { + "name": "18160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18160" + }, + { + "name": "HPSBMA02088", + "refsource": "HP", + "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00582373" + }, + { + "name": "ADV-2005-3001", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/3001" + }, + { + "name": "1015377", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2005/Dec/1015377.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0807.json b/2009/0xxx/CVE-2009-0807.json index 6ddb3aa6f43..da46a3110b9 100644 --- a/2009/0xxx/CVE-2009-0807.json +++ b/2009/0xxx/CVE-2009-0807.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8092", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8092" - }, - { - "name" : "zfeeder-admin-security-bypass(48866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zfeeder-admin-security-bypass(48866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48866" + }, + { + "name": "8092", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8092" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2334.json b/2009/2xxx/CVE-2009-2334.json index 3064bad5e28..8461fc89429 100644 --- a/2009/2xxx/CVE-2009-2334.json +++ b/2009/2xxx/CVE-2009-2334.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504795/100/0/threaded" - }, - { - "name" : "9110", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9110" - }, - { - "name" : "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked", - "refsource" : "MISC", - "url" : "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked" - }, - { - "name" : "http://wordpress.org/development/2009/07/wordpress-2-8-1/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2009/07/wordpress-2-8-1/" - }, - { - "name" : "DSA-1871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1871" - }, - { - "name" : "FEDORA-2009-7701", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html" - }, - { - "name" : "FEDORA-2009-7729", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html" - }, - { - "name" : "FEDORA-2009-8529", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html" - }, - { - "name" : "FEDORA-2009-8538", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html" - }, - { - "name" : "35584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35584" - }, - { - "name" : "55712", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55712" - }, - { - "name" : "55715", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55715" - }, - { - "name" : "1022528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022528" - }, - { - "name" : "ADV-2009-1833", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2009-8538", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html" + }, + { + "name": "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked", + "refsource": "MISC", + "url": "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked" + }, + { + "name": "FEDORA-2009-7729", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html" + }, + { + "name": "http://wordpress.org/development/2009/07/wordpress-2-8-1/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/" + }, + { + "name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded" + }, + { + "name": "1022528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022528" + }, + { + "name": "FEDORA-2009-7701", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html" + }, + { + "name": "ADV-2009-1833", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1833" + }, + { + "name": "DSA-1871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1871" + }, + { + "name": "FEDORA-2009-8529", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html" + }, + { + "name": "55712", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55712" + }, + { + "name": "35584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35584" + }, + { + "name": "55715", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55715" + }, + { + "name": "9110", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9110" + } + ] + } +} \ No newline at end of file diff --git a/2009/2xxx/CVE-2009-2346.json b/2009/2xxx/CVE-2009-2346.json index 9aab557c728..9ae7d0a26f4 100644 --- a/2009/2xxx/CVE-2009-2346.json +++ b/2009/2xxx/CVE-2009-2346.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-2346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-2346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506257/100/0/threaded" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2009-006.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2009-006.html" - }, - { - "name" : "36275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36275" - }, - { - "name" : "1022819", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022819" - }, - { - "name" : "36593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022819", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022819" + }, + { + "name": "20090903 AST-2009-006: IAX2 Call Number Resource Exhaustion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded" + }, + { + "name": "36593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36593" + }, + { + "name": "36275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36275" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2009-006.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3334.json b/2009/3xxx/CVE-2009-3334.json index 8fd5a1a54e9..067e6642763 100644 --- a/2009/3xxx/CVE-2009-3334.json +++ b/2009/3xxx/CVE-2009-3334.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9732", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/9732" - }, - { - "name" : "36471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9732", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/9732" + }, + { + "name": "36471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36471" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3734.json b/2009/3xxx/CVE-2009-3734.json index bc194ab382d..5589e63042b 100644 --- a/2009/3xxx/CVE-2009-3734.json +++ b/2009/3xxx/CVE-2009-3734.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service (configuration reset) via a request to a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2009-3734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-7ZDNNE", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/WDON-7ZDNNE" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-7ZDNNZ", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/WDON-7ZDNNZ" - }, - { - "name" : "http://blip.tv/file/3414004", - "refsource" : "MISC", - "url" : "http://blip.tv/file/3414004" - }, - { - "name" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", - "refsource" : "MISC", - "url" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" - }, - { - "name" : "VU#571629", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/571629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service (configuration reset) via a request to a crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/WDON-7ZDNNE", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/WDON-7ZDNNE" + }, + { + "name": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", + "refsource": "MISC", + "url": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-7ZDNNZ", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/WDON-7ZDNNZ" + }, + { + "name": "http://blip.tv/file/3414004", + "refsource": "MISC", + "url": "http://blip.tv/file/3414004" + }, + { + "name": "VU#571629", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/571629" + } + ] + } +} \ No newline at end of file diff --git a/2009/3xxx/CVE-2009-3776.json b/2009/3xxx/CVE-2009-3776.json index ebf2463103e..a0e968001ec 100644 --- a/2009/3xxx/CVE-2009-3776.json +++ b/2009/3xxx/CVE-2009-3776.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-3776", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-3776", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2161.json b/2012/2xxx/CVE-2012-2161.json index 818c4eb46d6..80a175019d3 100644 --- a/2012/2xxx/CVE-2012-2161.json +++ b/2012/2xxx/CVE-2012-2161.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21596690", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21596690" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21598423", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21598423" - }, - { - "name" : "iehs-multiple-xss(74833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "iehs-multiple-xss(74833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21598423", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21598423" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21596690", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21596690" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2879.json b/2012/2xxx/CVE-2012-2879.json index 7a170e20d1d..60810f00415 100644 --- a/2012/2xxx/CVE-2012-2879.json +++ b/2012/2xxx/CVE-2012-2879.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=139168", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=139168" - }, - { - "name" : "openSUSE-SU-2012:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:15634", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15634" - }, - { - "name" : "google-chrome-cve20122879(78833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-cve20122879(78833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78833" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=139168", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=139168" + }, + { + "name": "openSUSE-SU-2012:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" + }, + { + "name": "oval:org.mitre.oval:def:15634", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15634" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0190.json b/2015/0xxx/CVE-2015-0190.json index 3f12e493c0a..30857aaf14f 100644 --- a/2015/0xxx/CVE-2015-0190.json +++ b/2015/0xxx/CVE-2015-0190.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0190", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-0190", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0326.json b/2015/0xxx/CVE-2015-0326.json index 4c680054f8b..77cb2fdef86 100644 --- a/2015/0xxx/CVE-2015-0326.json +++ b/2015/0xxx/CVE-2015-0326.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/2755801", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/2755801" - }, - { - "name" : "GLSA-201502-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml" - }, - { - "name" : "RHSA-2015:0140", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html" - }, - { - "name" : "SUSE-SU-2015:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" - }, - { - "name" : "SUSE-SU-2015:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2015:0237", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2015:0238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" - }, - { - "name" : "72514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72514" - }, - { - "name" : "1031706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031706" - }, - { - "name" : "62886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62886" - }, - { - "name" : "62895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62895" - }, - { - "name" : "adobe-flash-cve20150326-dos(100712)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201502-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml" + }, + { + "name": "openSUSE-SU-2015:0238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html" + }, + { + "name": "62895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62895" + }, + { + "name": "adobe-flash-cve20150326-dos(100712)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100712" + }, + { + "name": "1031706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031706" + }, + { + "name": "62886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62886" + }, + { + "name": "https://technet.microsoft.com/library/security/2755801", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/2755801" + }, + { + "name": "openSUSE-SU-2015:0237", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html" + }, + { + "name": "SUSE-SU-2015:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html" + }, + { + "name": "72514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72514" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html" + }, + { + "name": "RHSA-2015:0140", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html" + }, + { + "name": "SUSE-SU-2015:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0787.json b/2015/0xxx/CVE-2015-0787.json index 1aae6de2fad..b198ef02ed9 100644 --- a/2015/0xxx/CVE-2015-0787.json +++ b/2015/0xxx/CVE-2015-0787.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2015-0787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetIQ Designer for Identity Manager before 4.5.3", - "version" : { - "version_data" : [ - { - "version_value" : "NetIQ Designer for Identity Manager before 4.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2015-0787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ Designer for Identity Manager before 4.5.3", + "version": { + "version_data": [ + { + "version_value": "NetIQ Designer for Identity Manager before 4.5.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://download.novell.com/Download?buildid=QgHXVOxv310~", - "refsource" : "CONFIRM", - "url" : "https://download.novell.com/Download?buildid=QgHXVOxv310~" - }, - { - "name" : "93972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93972" + }, + { + "name": "https://download.novell.com/Download?buildid=QgHXVOxv310~", + "refsource": "CONFIRM", + "url": "https://download.novell.com/Download?buildid=QgHXVOxv310~" + } + ] + } +} \ No newline at end of file diff --git a/2015/0xxx/CVE-2015-0874.json b/2015/0xxx/CVE-2015-0874.json index fd93055fb66..b7b1e403c20 100644 --- a/2015/0xxx/CVE-2015-0874.json +++ b/2015/0xxx/CVE-2015-0874.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-0874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2015-0874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#14522790", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN14522790/index.html" - }, - { - "name" : "JVNDB-2015-000015", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000015.html" - }, - { - "name" : "72597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72597" + }, + { + "name": "JVNDB-2015-000015", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000015.html" + }, + { + "name": "JVN#14522790", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN14522790/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1114.json b/2015/1xxx/CVE-2015-1114.json index 9866225b6ba..703e5e66b9b 100644 --- a/2015/1xxx/CVE-2015-1114.json +++ b/2015/1xxx/CVE-2015-1114.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-1114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT204661", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204661" - }, - { - "name" : "https://support.apple.com/HT204662", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204662" - }, - { - "name" : "APPLE-SA-2015-04-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" - }, - { - "name" : "APPLE-SA-2015-04-08-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" - }, - { - "name" : "73983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/73983" - }, - { - "name" : "1032050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2015-04-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" + }, + { + "name": "73983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/73983" + }, + { + "name": "1032050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032050" + }, + { + "name": "https://support.apple.com/HT204662", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204662" + }, + { + "name": "APPLE-SA-2015-04-08-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" + }, + { + "name": "https://support.apple.com/HT204661", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204661" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1288.json b/2015/1xxx/CVE-2015-1288.json index 53e5a20651b..f04fdc53bcb 100644 --- a/2015/1xxx/CVE-2015-1288.json +++ b/2015/1xxx/CVE-2015-1288.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2015-1288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=479162", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=479162" - }, - { - "name" : "https://codereview.chromium.org/1056103005", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1056103005" - }, - { - "name" : "DSA-3315", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3315" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2015:1499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" - }, - { - "name" : "openSUSE-SU-2015:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" - }, - { - "name" : "75973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75973" - }, - { - "name" : "1033031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html" + }, + { + "name": "https://codereview.chromium.org/1056103005", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1056103005" + }, + { + "name": "openSUSE-SU-2015:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" + }, + { + "name": "1033031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033031" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=479162", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=479162" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "75973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75973" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" + }, + { + "name": "DSA-3315", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3315" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1423.json b/2015/1xxx/CVE-2015-1423.json index b1e0e14f315..29706b766e1 100644 --- a/2015/1xxx/CVE-2015-1423.json +++ b/2015/1xxx/CVE-2015-1423.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35767", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35767" - }, - { - "name" : "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php" - }, - { - "name" : "116968", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/116968" - }, - { - "name" : "geckocms-index-sql-injection(99976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php" + }, + { + "name": "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html" + }, + { + "name": "35767", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35767" + }, + { + "name": "geckocms-index-sql-injection(99976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99976" + }, + { + "name": "116968", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/116968" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1596.json b/2015/1xxx/CVE-2015-1596.json index c59abfe0a26..6f9570cf99e 100644 --- a/2015/1xxx/CVE-2015-1596.json +++ b/2015/1xxx/CVE-2015-1596.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-1596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/1xxx/CVE-2015-1671.json b/2015/1xxx/CVE-2015-1671.json index 3ba63bac39b..c789b7ce6a8 100644 --- a/2015/1xxx/CVE-2015-1671.json +++ b/2015/1xxx/CVE-2015-1671.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-1671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka \"TrueType Font Parsing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2015-1671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS15-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044" - }, - { - "name" : "74490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74490" - }, - { - "name" : "1032281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka \"TrueType Font Parsing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS15-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-044" + }, + { + "name": "1032281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032281" + }, + { + "name": "74490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74490" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5125.json b/2015/5xxx/CVE-2015-5125.json index fab9dba0949..4c9f0263c8a 100644 --- a/2015/5xxx/CVE-2015-5125.json +++ b/2015/5xxx/CVE-2015-5125.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2015-5125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "name" : "GLSA-201508-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201508-01" - }, - { - "name" : "openSUSE-SU-2015:1781", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" - }, - { - "name" : "76291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76291" - }, - { - "name" : "1033235", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201508-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201508-01" + }, + { + "name": "76291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76291" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" + }, + { + "name": "openSUSE-SU-2015:1781", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" + }, + { + "name": "1033235", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033235" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5683.json b/2015/5xxx/CVE-2015-5683.json index 8d58d610b04..44e675b12fc 100644 --- a/2015/5xxx/CVE-2015-5683.json +++ b/2015/5xxx/CVE-2015-5683.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5683", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5683", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3107.json b/2018/3xxx/CVE-2018-3107.json index 244d019b52d..ab28d036725 100644 --- a/2018/3xxx/CVE-2018-3107.json +++ b/2018/3xxx/CVE-2018-3107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3331.json b/2018/3xxx/CVE-2018-3331.json index a2c88735922..730e943f693 100644 --- a/2018/3xxx/CVE-2018-3331.json +++ b/2018/3xxx/CVE-2018-3331.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3331", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3331", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3338.json b/2018/3xxx/CVE-2018-3338.json index 5217824ac84..fa675919f53 100644 --- a/2018/3xxx/CVE-2018-3338.json +++ b/2018/3xxx/CVE-2018-3338.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/3xxx/CVE-2018-3474.json b/2018/3xxx/CVE-2018-3474.json index 4fb169cbfb5..84585fd2352 100644 --- a/2018/3xxx/CVE-2018-3474.json +++ b/2018/3xxx/CVE-2018-3474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-3474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-3474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6019.json b/2018/6xxx/CVE-2018-6019.json index d927ff47222..4834a12191b 100644 --- a/2018/6xxx/CVE-2018-6019.json +++ b/2018/6xxx/CVE-2018-6019.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wwws.nightwatchcybersecurity.com/2018/03/01/content-injection-in-samsung-display-solutions-application-for-android-cve-2018-6019/", - "refsource" : "MISC", - "url" : "https://wwws.nightwatchcybersecurity.com/2018/03/01/content-injection-in-samsung-display-solutions-application-for-android-cve-2018-6019/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wwws.nightwatchcybersecurity.com/2018/03/01/content-injection-in-samsung-display-solutions-application-for-android-cve-2018-6019/", + "refsource": "MISC", + "url": "https://wwws.nightwatchcybersecurity.com/2018/03/01/content-injection-in-samsung-display-solutions-application-for-android-cve-2018-6019/" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6356.json b/2018/6xxx/CVE-2018-6356.json index 887dab5aa78..d0d6a198cd6 100644 --- a/2018/6xxx/CVE-2018-6356.json +++ b/2018/6xxx/CVE-2018-6356.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-6356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180214 Multiple vulnerabilities in Jenkins", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/02/14/1" - }, - { - "name" : "https://jenkins.io/security/advisory/2018-02-14/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-02-14/" - }, - { - "name" : "103037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20180214 Multiple vulnerabilities in Jenkins", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/02/14/1" + }, + { + "name": "103037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103037" + }, + { + "name": "https://jenkins.io/security/advisory/2018-02-14/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-02-14/" + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7127.json b/2018/7xxx/CVE-2018-7127.json index 2e6c3b74f2b..bf82445aac2 100644 --- a/2018/7xxx/CVE-2018-7127.json +++ b/2018/7xxx/CVE-2018-7127.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7127", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7127", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7256.json b/2018/7xxx/CVE-2018-7256.json index 44dbcbd16c7..66e4d0d22d6 100644 --- a/2018/7xxx/CVE-2018-7256.json +++ b/2018/7xxx/CVE-2018-7256.json @@ -1,19 +1,19 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_PUBLIC" : "2018-05-24T00:00:00", - "ID" : "CVE-2018-7256", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-05-24T00:00:00", + "ID": "CVE-2018-7256", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/7xxx/CVE-2018-7995.json b/2018/7xxx/CVE-2018-7995.json index 0fe45337568..3470b724954 100644 --- a/2018/7xxx/CVE-2018-7995.json +++ b/2018/7xxx/CVE-2018-7995.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-7995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-7995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" - }, - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1084755", - "refsource" : "MISC", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1084755" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf" - }, - { - "name" : "https://lkml.org/lkml/2018/3/2/970", - "refsource" : "MISC", - "url" : "https://lkml.org/lkml/2018/3/2/970" - }, - { - "name" : "DSA-4187", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4187" - }, - { - "name" : "DSA-4188", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4188" - }, - { - "name" : "USN-3654-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3654-1/" - }, - { - "name" : "USN-3654-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3654-2/" - }, - { - "name" : "USN-3656-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3656-1/" - }, - { - "name" : "103356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4187", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4187" + }, + { + "name": "USN-3654-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3654-1/" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1084755", + "refsource": "MISC", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1084755" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf" + }, + { + "name": "DSA-4188", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4188" + }, + { + "name": "https://lkml.org/lkml/2018/3/2/970", + "refsource": "MISC", + "url": "https://lkml.org/lkml/2018/3/2/970" + }, + { + "name": "103356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103356" + }, + { + "name": "USN-3654-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3654-2/" + }, + { + "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" + }, + { + "name": "USN-3656-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3656-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8208.json b/2018/8xxx/CVE-2018-8208.json index 4524a381363..06106c5f358 100644 --- a/2018/8xxx/CVE-2018-8208.json +++ b/2018/8xxx/CVE-2018-8208.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka \"Windows Desktop Bridge Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44914", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44914/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8208", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8208" - }, - { - "name" : "104392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104392" - }, - { - "name" : "1041093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka \"Windows Desktop Bridge Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44914", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44914/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8208", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8208" + }, + { + "name": "1041093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041093" + }, + { + "name": "104392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104392" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8344.json b/2018/8xxx/CVE-2018-8344.json index 22eabaa1eb7..8a1c0e63b69 100644 --- a/2018/8xxx/CVE-2018-8344.json +++ b/2018/8xxx/CVE-2018-8344.json @@ -1,216 +1,216 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-8344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2008", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 2" - }, - { - "version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" - }, - { - "version_value" : "Itanium-Based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2" - }, - { - "version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \"Microsoft Graphics Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2008", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 2" + }, + { + "version_value": "32-bit Systems Service Pack 2 (Server Core installation)" + }, + { + "version_value": "Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2" + }, + { + "version_value": "x64-based Systems Service Pack 2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8344", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8344" - }, - { - "name" : "104983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104983" - }, - { - "name" : "1041475", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \"Microsoft Graphics Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104983" + }, + { + "name": "1041475", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041475" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8344", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8344" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8774.json b/2018/8xxx/CVE-2018-8774.json index c5bf81727c0..3f2a68d2b0d 100644 --- a/2018/8xxx/CVE-2018-8774.json +++ b/2018/8xxx/CVE-2018-8774.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8774", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8774", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8898.json b/2018/8xxx/CVE-2018-8898.json index 6e2c67c8b07..d0e96df56db 100644 --- a/2018/8xxx/CVE-2018-8898.json +++ b/2018/8xxx/CVE-2018-8898.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer=\"V100R001B012\" FWVer=\"3.10.0.24\" FirmVer=\"TT_77616E6771696F6E67\") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44657", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44657/" - }, - { - "name" : "http://packetstormsecurity.com/files/147708/D-Link-DSL-3782-Authentication-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147708/D-Link-DSL-3782-Authentication-Bypass.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer=\"V100R001B012\" FWVer=\"3.10.0.24\" FirmVer=\"TT_77616E6771696F6E67\") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/147708/D-Link-DSL-3782-Authentication-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147708/D-Link-DSL-3782-Authentication-Bypass.html" + }, + { + "name": "44657", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44657/" + } + ] + } +} \ No newline at end of file