- Synchronized data.

CVE Team 2017-10-18 14:04:26 -04:00
parent 0e5bd6b262
commit 01d1577124
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
26 changed files with 411 additions and 15 deletions


@ -56,7 +56,7 @@
"url" : "http://www.securityfocus.com/archive/1/archive/1/442098/100/0/threaded"
},
{
"url" : "http://milw0rm.com/exploits/2116"
"url" : "https://www.exploit-db.com/exploits/2116"
},
{
"url" : "http://sourceforge.net/forum/forum.php?forum_id=597790"


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7714",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,35 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.exploit-db.com/exploits/38527/"
},
{
"url" : "http://packetstormsecurity.com/files/134066/Realtyna-RPL-8.9.2-SQL-Injection.html"
},
{
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5272.php"
},
{
"url" : "http://rpl.realtyna.com/change-logs/rpl7-changelog"
}
]
}
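Review bot: The `affects` block added in the first hunk sets `product_name`, `version_value` and `vendor_name` to `"n/a"`, and the new `problemtype` value is also `"n/a"`, although the description on the new side names the product (Realtyna RPL com_rpl for Joomla!), the fixed version (8.9.5) and the weakness class (SQL injection). Scanners and inventory tools that match on the structured fields rather than the free text will not associate this record with the component. Consider populating them from the description, for example `"product_name" : "Realtyna RPL (com_rpl)"`, `"version_value" : "before 8.9.5"` and a problemtype `value` of `"CWE-89"`. The same placeholders appear in the sections for CVE-2015-7715, CVE-2015-7943, CVE-2016-5714, CVE-2017-14322, CVE-2017-14956 and CVE-2017-15359. The enclosing JSON object opens and closes outside the hunks shown.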


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7715",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,35 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.exploit-db.com/exploits/38528/"
},
{
"url" : "http://packetstormsecurity.com/files/134067/Realtyna-RPL-8.9.2-CSRF-Cross-Site-Scripting.html"
},
{
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5271.php"
},
{
"url" : "http://rpl.realtyna.com/change-logs/rpl7-changelog"
}
]
}
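Review bot: The new description covers only the CSRF `add_user` issue, while the Packet Storm reference added in the same hunk is titled `Realtyna-RPL-8.9.2-CSRF-Cross-Site-Scripting`, so the advisory apparently also reports cross-site scripting. If that issue is tracked under a different identifier, a closing `NOTE:` sentence in the description `value` pointing to it would keep triage teams from assuming this record covers both. If it is not tracked at all, that gap is worth raising with the assigner. This is inferred from the URL slug alone and should be confirmed against the advisory text.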


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7943",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.drupal.org/node/2598426"
},
{
"url" : "https://www.drupal.org/node/2598434"
},
{
"url" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical"
}
]
}


@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "http://source.android.com/security/bulletin/2016-04-02.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
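Review bot: The reference added here uses plain `http://` (`http://nvidia.custhelp.com/app/answers/detail/a_id/4561`), whereas the first section of this commit moves an exploit reference to an `https://` URL. Advisory pages fetched over cleartext HTTP can be altered in transit, so if the vendor host serves this page over TLS the entry should read `"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4561"`. The same URL is added unchanged in every later section that inserts this NVIDIA reference. The enclosing `references` object starts outside the hunk.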


@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}


@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}


@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}


@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}


@ -54,6 +54,9 @@
"reference_data" : [
{
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}


@ -55,6 +55,9 @@
{
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.securityfocus.com/bid/92231"
}


@ -55,6 +55,9 @@
{
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.securitytracker.com/id/1036763"
}


@ -55,6 +55,9 @@
{
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.securityfocus.com/bid/93306"
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5714",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,32 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka \"Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugs.gentoo.org/597684"
},
{
"url" : "https://puppet.com/security/cve/pxp-agent-oct-2016"
},
{
"url" : "https://security.gentoo.org/glsa/201710-12"
}
]
}


@ -58,6 +58,9 @@
{
"url" : "https://source.android.com/security/bulletin/2016-12-01"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.securityfocus.com/bid/94667"
}


@ -58,6 +58,9 @@
{
"url" : "https://source.android.com/security/bulletin/2016-12-01"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.securityfocus.com/bid/94667"
}


@ -58,6 +58,9 @@
{
"url" : "https://source.android.com/security/bulletin/2016-12-01"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.securityfocus.com/bid/94667"
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14322",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/fulldisclosure/2017/Oct/39"
},
{
"url" : "https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html"
}
]
}


@ -73,6 +73,9 @@
{
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3989"
},


@ -73,6 +73,9 @@
{
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3989"
},


@ -73,6 +73,9 @@
{
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3989"
},


@ -73,6 +73,9 @@
{
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3989"
},


@ -73,6 +73,9 @@
{
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3989"
},


@ -76,6 +76,9 @@
{
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3989"
},


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14956",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,41 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the \"/ossim/report/wizard_email.php\" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.securityfocus.com/archive/1/archive/1/541342/100/0/threaded"
},
{
"url" : "https://www.exploit-db.com/exploits/42988/"
},
{
"url" : "http://seclists.org/fulldisclosure/2017/Oct/32"
},
{
"url" : "http://packetstormsecurity.com/files/144617/AlienVault-USM-5.4.2-Cross-Site-Request-Forgery.html"
},
{
"url" : "https://www.rcesecurity.com/2017/10/cve-2017-14956-alienvault-usm-leaks-sensitive-compliance-information-via-csrf/"
},
{
"url" : "http://www.securityfocus.com/bid/101284"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15359",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/fulldisclosure/2017/Oct/37"
}
]
}