admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #118 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2019-04-02 09:11:36 -04:00 committed by GitHub
commit 11689bf47a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1264 changed files with 40956 additions and 1437 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2010/5xxx/CVE-2010-5305.json
View File

@ -1,17 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5305",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-5305",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "PLC5",
"version": {
"version_data": [
{
"version_value": "1785-Lx"
},
{
"version_value": "1747-L5x"
}
]
}
},
{
"product_name": "SLC5/0x",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "RSLogix",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credentials management CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-10-070-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product\u2019s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services."
}
]
}

5
2011/1xxx/CVE-2011-1096.json
View File

@ -171,6 +171,11 @@
"name": "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts",
"refsource": "MISC",
"url": "http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html",
"url": "https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4@%3Ccommits.cxf.apache.org%3E"
}
]
}

79
2013/2xxx/CVE-2013-2805.json
View File

@ -1,17 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2805",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-2805",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "RSLinx Enterprise Software",
"version": {
"version_data": [
{
"version_value": "CPR9"
},
{
"version_value": "CPR9-SR1"
},
{
"version_value": "CPR9-SR2"
},
{
"version_value": "CPR9-SR3"
},
{
"version_value": "CPR9-SR4"
},
{
"version_value": "CPR9-SR5"
},
{
"version_value": "CPR9-SR5.1"
},
{
"version_value": "CPR9-SR6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the \u201cRecord Data Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
}

79
2013/2xxx/CVE-2013-2806.json
View File

@ -1,17 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2806",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-2806",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "RSLinx Enterprise Software",
"version": {
"version_data": [
{
"version_value": "CPR9"
},
{
"version_value": "CPR9-SR1"
},
{
"version_value": "CPR9-SR2"
},
{
"version_value": "CPR9-SR3"
},
{
"version_value": "CPR9-SR4"
},
{
"version_value": "CPR9-SR5"
},
{
"version_value": "CPR9-SR5.1"
},
{
"version_value": "CPR9-SR6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cEnd of Current Record\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size.\u201d Then the service will calculate an incorrect value for the \u201cEnd of Current Record\u201d field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
}

79
2013/2xxx/CVE-2013-2807.json
View File

@ -1,17 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2807",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-2807",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "RSLinx Enterprise Software",
"version": {
"version_data": [
{
"version_value": "CPR9"
},
{
"version_value": "CPR9-SR1"
},
{
"version_value": "CPR9-SR2"
},
{
"version_value": "CPR9-SR3"
},
{
"version_value": "CPR9-SR4"
},
{
"version_value": "CPR9-SR5"
},
{
"version_value": "CPR9-SR5.1"
},
{
"version_value": "CPR9-SR6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-095-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the \u201cTotal Record Size\u201d field. By sending a datagram to the service over Port 4444/UDP with the \u201cRecord Data Size\u201d field modified to a specifically oversized value, the service will calculate an undersized value for the \u201cTotal Record Size\u201d that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
}

10
2014/0xxx/CVE-2014-0114.json
View File

@ -381,6 +381,16 @@
"name": "58851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58851"
},
{
"refsource": "MLIST",
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
}
]
}

5
2014/3xxx/CVE-2014-3576.json
View File

@ -96,6 +96,11 @@
"name": "20151106 [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536862/100/0/threaded"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2014/3xxx/CVE-2014-3579.json
View File

@ -76,6 +76,11 @@
"name": "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2014/3xxx/CVE-2014-3600.json
View File

@ -76,6 +76,11 @@
"name": "https://issues.apache.org/jira/browse/AMQ-5333",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/AMQ-5333"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2014/3xxx/CVE-2014-3612.json
View File

@ -76,6 +76,11 @@
"name": "RHSA-2015:0138",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0138.html"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

58
2014/5xxx/CVE-2014-5401.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5401",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5401",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hospira",
"product": {
"product_data": [
{
"product_name": "MedNet",
"version": {
"version_data": [
{
"version_value": "<= 5.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1."
}
]
}

58
2014/5xxx/CVE-2014-5431.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5431",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5431",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard-coded password CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes."
}
]
}

58
2014/5xxx/CVE-2014-5432.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5432",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5432",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass issues CWE-592"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes."
}
]
}

58
2014/5xxx/CVE-2014-5433.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5433",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5433",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes."
}
]
}

58
2014/5xxx/CVE-2014-5434.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5434",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5434",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard-coded password CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes."
}
]
}

53
2014/7xxx/CVE-2014-7198.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7198",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/",
"refsource": "MISC",
"name": "https://www.openmicroscopy.org/security/advisories/2014-SV3-csrf/"
},
{
"url": "http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html",
"refsource": "MISC",
"name": "http://lists.openmicroscopy.org.uk/pipermail/ome-users/2014-November/004871.html"
}
]
}

5
2014/8xxx/CVE-2014-8110.json
View File

@ -76,6 +76,11 @@
"name": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

64
2014/9xxx/CVE-2014-9187.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9187",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9187",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Experion PKS",
"version": {
"version_data": [
{
"version_value": "R40x prior to R400.6"
},
{
"version_value": "R41x prior to R410.6"
},
{
"version_value": "R43x prior to R430.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based buffer overflow CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
}
]
}

64
2014/9xxx/CVE-2014-9189.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9189",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9189",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Experion PKS",
"version": {
"version_data": [
{
"version_value": "R40x prior to R400.6"
},
{
"version_value": "R41x prior to R410.6"
},
{
"version_value": "R43x prior to R430.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
}
]
}

108
2015/1xxx/CVE-2015-1007.json
View File

@ -1,17 +1,111 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1007",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1007",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Opto 22",
"product": {
"product_data": [
{
"product_name": "PAC Project Professional",
"version": {
"version_data": [
{
"version_value": "< R9.4008"
}
]
}
},
{
"product_name": "PAC Project Basic",
"version": {
"version_data": [
{
"version_value": "< R9.4008"
}
]
}
},
{
"product_name": "PAC Display Basic",
"version": {
"version_data": [
{
"version_value": "< R9.4g"
}
]
}
},
{
"product_name": "PAC Display Professional",
"version": {
"version_data": [
{
"version_value": "< R9.4g"
}
]
}
},
{
"product_name": "OptoOPCServer",
"version": {
"version_data": [
{
"version_value": "R9.4c and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
},
{
"product_name": "OptoDataLink",
"version": {
"version_data": [
{
"version_value": "R9.4d and prior that were installed by PAC Project installer versions prior to R9.4008"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible."
}
]
}

58
2015/1xxx/CVE-2015-1012.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1012",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1012",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hospira",
"product": {
"product_data": [
{
"product_name": "LifeCare PCA Infusion System",
"version": {
"version_data": [
{
"version_value": "<= 5.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access."
}
]
}

64
2015/1xxx/CVE-2015-1014.json
View File

@ -1,17 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1014",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1014",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "OFS v3.5",
"version": {
"version_data": [
{
"version_value": "< v7.40 of SCADA Expert Vijeo Citect/CitectSCADA"
},
{
"version_value": "< v7.30 of Vijeo Citect/CitectSCADA"
},
{
"version_value": "< v7.20 of Vijeo Citect/CitectSCADA."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL hijacking CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version."
}
]
}

5
2015/1xxx/CVE-2015-1830.json
View File

@ -76,6 +76,11 @@
"name": "1033315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033315"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2015/1xxx/CVE-2015-1872.json
View File

@ -71,6 +71,11 @@
"name": "72644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72644"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html"
}
]
}

5
2015/4xxx/CVE-2015-4047.json
View File

@ -111,6 +111,11 @@
"name": "[oss-security] 20150521 Re: CVE Request: ipsec-tools",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/21/11"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K05013313",
"url": "https://support.f5.com/csp/article/K05013313"
}
]
}

10
2015/4xxx/CVE-2015-4852.json
View File

@ -116,6 +116,16 @@
"name": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/",
"refsource": "MISC",
"url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46628",
"url": "https://www.exploit-db.com/exploits/46628/"
}
]
}

5
2015/5xxx/CVE-2015-5254.json
View File

@ -111,6 +111,11 @@
"name": "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2015/6xxx/CVE-2015-6563.json
View File

@ -131,6 +131,11 @@
"name": "https://security.netapp.com/advisory/ntap-20180201-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180201-0002/"
},
{
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766"
}
]
}

5
2015/6xxx/CVE-2015-6564.json
View File

@ -121,6 +121,11 @@
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
}
]
}

5
2016/0xxx/CVE-2016-0734.json
View File

@ -76,6 +76,11 @@
"name": "84321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84321"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2016/0xxx/CVE-2016-0782.json
View File

@ -81,6 +81,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317516",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317516"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

10
2016/10xxx/CVE-2016-10741.json
View File

@ -76,6 +76,16 @@
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2016/10xxx/CVE-2016-10743.json
View File

@ -56,6 +56,11 @@
"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389",
"refsource": "MISC",
"name": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190328 [SECURITY] [DLA 1733-1] wpa security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00035.html"
}
]
}

72
2016/10xxx/CVE-2016-10744.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/snipe/snipe-it/pull/6831",
"refsource": "MISC",
"name": "https://github.com/snipe/snipe-it/pull/6831"
},
{
"url": "https://github.com/select2/select2/issues/4587",
"refsource": "MISC",
"name": "https://github.com/select2/select2/issues/4587"
},
{
"url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
"refsource": "MISC",
"name": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
}
]
}
}

5
2016/3xxx/CVE-2016-3088.json
View File

@ -81,6 +81,11 @@
"name": "1035951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035951"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2016/3xxx/CVE-2016-3510.json
View File

@ -71,6 +71,11 @@
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.html"
}
]
}

5
2016/4xxx/CVE-2016-4000.json
View File

@ -106,6 +106,11 @@
"name": "105647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105647"
},
{
"refsource": "MLIST",
"name": "[infra-devnull] 20190402 [GitHub] [flink] aloyszhang opened pull request #8100: [FLINK-12082] Bump up the jython-standalone version",
"url": "https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E"
}
]
}

5
2016/4xxx/CVE-2016-4055.json
View File

@ -71,6 +71,11 @@
"name": "95849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95849"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-02",
"url": "https://www.tenable.com/security/tns-2019-02"
}
]
}

5
2016/5xxx/CVE-2016-5684.json
View File

@ -71,6 +71,11 @@
"name": "GLSA-201701-68",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-68"
},
{
"refsource": "UBUNTU",
"name": "USN-3925-1",
"url": "https://usn.ubuntu.com/3925-1/"
}
]
}

5
2016/5xxx/CVE-2016-5823.json
View File

@ -56,6 +56,11 @@
"name": "[oss-security] 20160625 Re: libical 0.47 SEGV on unknown address",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/25/4"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-02",
"url": "https://security.gentoo.org/glsa/201904-02"
}
]
}

10
2016/5xxx/CVE-2016-5824.json
View File

@ -101,6 +101,16 @@
"name": "RHSA-2019:0270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0270"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-02",
"url": "https://security.gentoo.org/glsa/201904-02"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-07",
"url": "https://security.gentoo.org/glsa/201904-07"
}
]
}

5
2016/6xxx/CVE-2016-6810.json
View File

@ -72,6 +72,11 @@
"name": "[users] 20161209 [ANNOUNCE] CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
}
]
}

5
2016/9xxx/CVE-2016-9082.json
View File

@ -76,6 +76,11 @@
"name": "https://bugs.freedesktop.org/attachment.cgi?id=127421",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/attachment.cgi?id=127421"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-01",
"url": "https://security.gentoo.org/glsa/201904-01"
}
]
}

5
2017/1000xxx/CVE-2017-1000460.json
View File

@ -68,6 +68,11 @@
"name": "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html"
}
]
}

5
2017/10xxx/CVE-2017-10686.json
View File

@ -61,6 +61,11 @@
"name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392414",
"refsource": "MISC",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392414"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-19",
"url": "https://security.gentoo.org/glsa/201903-19"
}
]
}

5
2017/11xxx/CVE-2017-11111.json
View File

@ -61,6 +61,11 @@
"name": "USN-3694-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3694-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-19",
"url": "https://security.gentoo.org/glsa/201903-19"
}
]
}

5
2017/12xxx/CVE-2017-12122.json
View File

@ -72,6 +72,11 @@
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

5
2017/12xxx/CVE-2017-12617.json
View File

@ -216,6 +216,11 @@
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K53173544",
"url": "https://support.f5.com/csp/article/K53173544"
}
]
}

10
2017/13xxx/CVE-2017-13305.json
View File

@ -82,6 +82,16 @@
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

5
2017/13xxx/CVE-2017-13672.json
View File

@ -101,6 +101,11 @@
"name": "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/30/3"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1074",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
]
}

5
2017/13xxx/CVE-2017-13673.json
View File

@ -81,6 +81,11 @@
"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1074",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
]
}

5
2017/14xxx/CVE-2017-14058.json
View File

@ -66,6 +66,11 @@
"name": "DSA-3996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3996"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html"
}
]
}

5
2017/14xxx/CVE-2017-14228.json
View File

@ -61,6 +61,11 @@
"name": "USN-3694-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3694-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-19",
"url": "https://security.gentoo.org/glsa/201903-19"
}
]
}

5
2017/14xxx/CVE-2017-14440.json
View File

@ -72,6 +72,11 @@
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

5
2017/14xxx/CVE-2017-14441.json
View File

@ -72,6 +72,11 @@
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

5
2017/14xxx/CVE-2017-14442.json
View File

@ -72,6 +72,11 @@
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

5
2017/14xxx/CVE-2017-14448.json
View File

@ -72,6 +72,11 @@
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

5
2017/14xxx/CVE-2017-14449.json
View File

@ -62,6 +62,11 @@
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

5
2017/14xxx/CVE-2017-14450.json
View File

@ -72,6 +72,11 @@
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-17",
"url": "https://security.gentoo.org/glsa/201903-17"
}
]
}

20
2017/15xxx/CVE-2017-15709.json
View File

@ -57,6 +57,26 @@
"name": "https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories",
"url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-dev] 20190327 Re: Website",
"url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
"url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-dev] 20190328 Re: Website",
"url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E"
}
]
}

68
2017/16xxx/CVE-2017-16774.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2019-03-31T00:00:00",
"ID": "CVE-2017-16774",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.1.4-15217-3"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +36,44 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_26"
}
]
}

68
2017/16xxx/CVE-2017-16775.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2019-03-31T00:00:00",
"ID": "CVE-2017-16775",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SSO Server",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.1.3-0129"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +36,44 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Rendered UI Layers or Frames (CWE-1021)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_28",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_28"
}
]
}

60
2017/18xxx/CVE-2017-18105.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2017-18105",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crowd",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "<"
},
{
"version_value": "3.1.0",
"version_affected": ">="
},
{
"version_value": "3.1.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +44,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CWD-5072",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CWD-5072"
}
]
}

52
2017/18xxx/CVE-2017-18106.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2017-18106",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crowd",
"version": {
"version_data": [
{
"version_value": "2.9.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +36,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CWD-5061",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CWD-5061"
}
]
}

52
2017/18xxx/CVE-2017-18108.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-04-16T00:00:00",
"ID": "CVE-2017-18108",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crowd",
"version": {
"version_data": [
{
"version_value": "2.10.2",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +36,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CWD-5062",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CWD-5062"
}
]
}

60
2017/18xxx/CVE-2017-18109.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2017-18109",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crowd",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "<"
},
{
"version_value": "3.1.0",
"version_affected": ">="
},
{
"version_value": "3.1.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +44,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CWD-5071",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CWD-5071"
}
]
}

60
2017/18xxx/CVE-2017-18110.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2017-18110",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crowd",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "<"
},
{
"version_value": "3.1.0",
"version_affected": ">="
},
{
"version_value": "3.1.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +44,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference ('XXE')"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CWD-5070",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CWD-5070"
}
]
}

68
2017/18xxx/CVE-2017-18111.json
View File

@ -1,8 +1,49 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-05-31T00:00:00",
"ID": "CVE-2017-18111",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Links",
"version": {
"version_data": [
{
"version_value": "5.0.10",
"version_affected": "<"
},
{
"version_value": "5.1.0",
"version_affected": ">="
},
{
"version_value": "5.1.3",
"version_affected": "<"
},
{
"version_value": "5.2.0",
"version_affected": ">="
},
{
"version_value": "5.2.6",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +52,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference ('XXE')"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ecosystem.atlassian.net/browse/APL-1338",
"refsource": "MISC",
"name": "https://ecosystem.atlassian.net/browse/APL-1338"
}
]
}

5
2017/18xxx/CVE-2017-18214.json
View File

@ -61,6 +61,11 @@
"name": "https://nodesecurity.io/advisories/532",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/532"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-02",
"url": "https://www.tenable.com/security/tns-2019-02"
}
]
}

10
2017/18xxx/CVE-2017-18269.json
View File

@ -66,6 +66,16 @@
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0001/"
}
]
}

5
2017/18xxx/CVE-2017-18285.json
View File

@ -61,6 +61,11 @@
"name": "https://bugs.gentoo.org/641842",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/641842"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-05",
"url": "https://security.gentoo.org/glsa/201904-05"
}
]
}

5
2017/18xxx/CVE-2017-18342.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-779a9db46a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-44643e8bcb",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/"
}
]
}

76
2017/18xxx/CVE-2017-18364.json Normal file
View File

@ -0,0 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.netsparker.com/web-applications-advisories/ns-17-030-multiple-reflected-xss-vulnerabilities-in-phpfkl-lite/",
"refsource": "MISC",
"name": "https://www.netsparker.com/web-applications-advisories/ns-17-030-multiple-reflected-xss-vulnerabilities-in-phpfkl-lite/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:R",
"version": "3.0"
}
}
}

67
2017/18xxx/CVE-2017-18365.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html",
"refsource": "MISC",
"name": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html"
},
{
"url": "https://enterprise.github.com/releases/2.8.7/notes",
"refsource": "MISC",
"name": "https://enterprise.github.com/releases/2.8.7/notes"
}
]
}
}

10
2017/1xxx/CVE-2017-1427.json
View File

@ -62,6 +62,16 @@
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127579",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127579"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0003/"
}
]
}

10
2017/1xxx/CVE-2017-1428.json
View File

@ -62,6 +62,16 @@
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007242",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007242"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0003/"
}
]
}

10
2017/1xxx/CVE-2017-1779.json
View File

@ -93,6 +93,16 @@
"name": "1040299",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040299"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0003/"
}
]
}

10
2017/1xxx/CVE-2017-1783.json
View File

@ -93,6 +93,16 @@
"name": "102863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102863"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0003/"
}
]
}

10
2017/1xxx/CVE-2017-1784.json
View File

@ -88,6 +88,16 @@
"name": "1040299",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040299"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190401-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190401-0003/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190329-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190329-0003/"
}
]
}

14
2017/2xxx/CVE-2017-2660.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2660",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None."
}
]
}

76
2017/2xxx/CVE-2017-2748.json
View File

@ -1,17 +1,79 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2748",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Isaac Mizrahi",
"product": {
"product_data": [
{
"product_name": "Isaac Mizrahi Smartwatch Mobile App",
"version": {
"version_data": [
{
"version_value": "Isaac Mizrahi iOS app versions 1.0.2.10"
},
{
"version_value": "1.2.2.12"
},
{
"version_value": "1.3.7"
},
{
"version_value": "and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214"
},
{
"version_value": "1.2.2016040820"
},
{
"version_value": "1.3.2016052319"
},
{
"version_value": "1.4.2016072601"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure HTTP during login."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hp.com/us-en/document/c05976868",
"url": "https://support.hp.com/us-en/document/c05976868"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue."
}
]
}

67
2017/2xxx/CVE-2017-2752.json
View File

@ -1,17 +1,70 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2752",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2752",
"ASSIGNER": "hp-security-alert@hp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tommy Hilfiger",
"product": {
"product_data": [
{
"product_name": "Tommy Hilfiger TH24/7 Android app",
"version": {
"version_data": [
{
"version_value": "Tommy Hilfiger TH24/7 Android app versions 2.0.0.11"
},
{
"version_value": "2.0.1.14"
},
{
"version_value": "2.1.0.16"
},
{
"version_value": "and 2.2.0.19."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure of application configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hp.com/us-en/document/c05904705",
"url": "https://support.hp.com/us-en/document/c05904705"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue."
}
]
}

10
2017/3xxx/CVE-2017-3164.json
View File

@ -67,6 +67,16 @@
"refsource": "MLIST",
"name": "[lucene-dev] 20190325 [jira] [Commented] (SOLR-12770) [CVE-2017-3164] Make it possible to configure a shards whitelist for master/slave",
"url": "https://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7@%3Cdev.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-dev] 20190327 [jira] [Commented] (SOLR-12770) [CVE-2017-3164] Make it possible to configure a shards whitelist for master/slave",
"url": "https://lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649@%3Cdev.lucene.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190327-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190327-0003/"
}
]
}

10
2017/5xxx/CVE-2017-5617.json
View File

@ -76,6 +76,16 @@
"name": "https://github.com/blackears/svgSalamander/issues/11",
"refsource": "CONFIRM",
"url": "https://github.com/blackears/svgSalamander/issues/11"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-3cbce64a64",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPUOI6NCEB6H6YHKN7M4V3CAQD63NXAU/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-735d3953e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3V7RIIO3HO4RNDBN2PARLIDAL3RPV2OX/"
}
]
}

10
2017/5xxx/CVE-2017-5753.json
View File

@ -352,6 +352,16 @@
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
}
]
}

58
2017/7xxx/CVE-2017-7340.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-7340",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "4.0.0 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality."
}
]
}

58
2017/7xxx/CVE-2017-7342.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7342",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-7342",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet, Inc.",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button"
}
]
}

5
2017/7xxx/CVE-2017-7482.json
View File

@ -96,6 +96,11 @@
"name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q2/602"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0641",
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
]
}

55
2017/7xxx/CVE-2017-7655.json
View File

@ -1,8 +1,36 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2017-7655",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Mosquitto",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "1.0"
},
{
"version_affected": "<=",
"version_value": "1.4.15"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +39,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775"
}
]
}

87
2017/8xxx/CVE-2017-8023.json
View File

@ -1,8 +1,46 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-03-26T04:00:00.000Z",
"ID": "CVE-2017-8023",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "EMC Networker Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.2.X"
},
{
"version_affected": "=",
"version_value": "9.0.X"
},
{
"version_affected": "<",
"version_value": "9.1.15"
},
{
"version_affected": "<",
"version_value": "9.2.1"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +49,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Mar/50",
"name": "https://seclists.org/fulldisclosure/2019/Mar/50"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2017/9xxx/CVE-2017-9233.json
View File

@ -101,6 +101,11 @@
"name": "[oss-security] 20170618 Expat 2.2.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K03244804",
"url": "https://support.f5.com/csp/article/K03244804"
}
]
}

5
2017/9xxx/CVE-2017-9344.json
View File

@ -81,6 +81,11 @@
"name": "98796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98796"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html"
}
]
}

5
2017/9xxx/CVE-2017-9349.json
View File

@ -81,6 +81,11 @@
"name": "1038612",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038612"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html"
}
]
}

5
2017/9xxx/CVE-2017-9376.json
View File

@ -33,6 +33,11 @@
"refsource": "MISC",
"name": "https://labs.integrity.pt/advisories/cve-2017-9376/",
"url": "https://labs.integrity.pt/advisories/cve-2017-9376/"
},
{
"refsource": "BID",
"name": "107558",
"url": "http://www.securityfocus.com/bid/107558"
}
]
},

76
2017/9xxx/CVE-2017-9626.json
View File

@ -1,17 +1,79 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9626",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-9626",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Marel",
"product": {
"product_data": [
{
"product_name": "Marel Food Processing Systems Pluto platform",
"version": {
"version_data": [
{
"version_value": "Graders using Pluto platform"
},
{
"version_value": "Portioning Machines using Pluto platform"
},
{
"version_value": "Flowline systems using Pluto platform"
},
{
"version_value": "Packing systems using Pluto platform"
},
{
"version_value": "SensorX machines using Pluto platform"
},
{
"version_value": "Target Batchers using Pluto platform"
},
{
"version_value": "and SpeedBatchers using Pluto platform"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication."
}
]
}

5
2017/9xxx/CVE-2017-9814.json
View File

@ -56,6 +56,11 @@
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=101547",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=101547"
},
{
"refsource": "GENTOO",
"name": "GLSA-201904-01",
"url": "https://security.gentoo.org/glsa/201904-01"
}
]
}

60
2018/1000xxx/CVE-2018-1000061.json
View File

@ -1,63 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/7/2018 9:24:38",
"ID": "CVE-2018-1000061",
"REQUESTER": "paul.sokolovsky+cve@linaro.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1000061",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ARMmbed/mbedtls/issues/1356",
"refsource": "CONFIRM",
"url": "https://github.com/ARMmbed/mbedtls/issues/1356"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

5
2018/1000xxx/CVE-2018-1000100.json
View File

@ -58,6 +58,11 @@
"name": "https://github.com/gpac/gpac/issues/994",
"refsource": "MISC",
"url": "https://github.com/gpac/gpac/issues/994"
},
{
"refsource": "UBUNTU",
"name": "USN-3926-1",
"url": "https://usn.ubuntu.com/3926-1/"
}
]
}

5
2018/1000xxx/CVE-2018-1000222.json
View File

@ -69,6 +69,11 @@
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-201903-18",
"url": "https://security.gentoo.org/glsa/201903-18"
}
]
}

5
2018/1000xxx/CVE-2018-1000877.json
View File

@ -94,6 +94,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-0233ec0ff3",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-fbe83d0e32",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/"
}
]
}

Some files were not shown because too many files have changed in this diff Show More