admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #232 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2020-03-16 11:23:14 -04:00 committed by GitHub
commit 15700c1e12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1312 changed files with 62630 additions and 1318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2009/5xxx/CVE-2009-5159.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.securityfocus.com/bid/37263/info",
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/37263/info"
},
{
"url": "https://www.exploit-db.com/exploits/33394",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/33394"
},
{
"url": "https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html"
},
{
"url": "http://community.invisionpower.com/topic/300051-invision-power-board-305-released/",
"refsource": "MISC",
"name": "http://community.invisionpower.com/topic/300051-invision-power-board-305-released/"
}
]
}
}

127
2011/2xxx/CVE-2011-2487.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2487",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,128 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "WSS4J",
"version": {
"version_data": [
{
"version_value": "before 1.6.5"
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "JBossWS",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=713539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
},
{
"refsource": "MISC",
"name": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/",
"url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
},
{
"refsource": "MISC",
"name": "http://cxf.apache.org/note-on-cve-2011-2487.html",
"url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0191.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0192.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0193.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0194.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0195.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0196.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0198.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0221.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57549",
"url": "http://www.securityfocus.com/bid/57549"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
}
]
}

55
2012/1xxx/CVE-2012-1094.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1094",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "JBoss AS 7",
"version": {
"version_data": [
{
"version_value": "prior to 7.1.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-1094",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-1094"
}
]
}

75
2012/1xxx/CVE-2012-1096.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1096",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GNOME",
"product": {
"product_data": [
{
"product_name": "NetworkManager",
"version": {
"version_data": [
{
"version_value": "0.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1096",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1096"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-1096",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-1096"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/02/3"
},
{
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=793329",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=793329"
}
]
}

65
2012/1xxx/CVE-2012-1101.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1101",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "systemd",
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value": "37-1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/05/4",
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/4"
},
{
"refsource": "CONFIRM",
"name": "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3",
"url": "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029"
}
]
}

48
2013/1xxx/CVE-2013-1753.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1753",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugs.python.org/issue16043",
"url": "https://bugs.python.org/issue16043"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
}

5
2013/1xxx/CVE-2013-1813.json
View File

@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
}
]
}

5
2013/2xxx/CVE-2013-2165.json
View File

@ -101,6 +101,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 RichFaces exploitation toolkit",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
]
}

5
2014/9xxx/CVE-2014-9645.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-3935-1",
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"refsource": "FULLDISC",
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
}
]
}

5
2015/0xxx/CVE-2015-0279.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 RichFaces exploitation toolkit",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
]
}

48
2015/3xxx/CVE-2015-3641.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3641",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
]
}

5
2015/5xxx/CVE-2015-5057.json
View File

@ -66,6 +66,11 @@
"name": "75421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75421"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/8064",
"url": "https://wpvulndb.com/vulnerabilities/8064"
}
]
}

10
2015/9xxx/CVE-2015-9251.json
View File

@ -201,6 +201,16 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0481",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0729",
"url": "https://access.redhat.com/errata/RHSA-2020:0729"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
}
]
}

5
2015/9xxx/CVE-2015-9302.json
View File

@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/8342",
"url": "https://wpvulndb.com/vulnerabilities/8342"
},
{
"url": "https://wordpress.org/plugins/simple-fields/#developers",
"refsource": "MISC",

63
2016/1000xxx/CVE-2016-1000111.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000111",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2016/07/18/6",
"url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"
},
{
"refsource": "CONFIRM",
"name": "https://twistedmatrix.com/trac/ticket/8623",
"url": "https://twistedmatrix.com/trac/ticket/8623"
},
{
"refsource": "CONFIRM",
"name": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html",
"url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"
}
]
}

5
2016/6xxx/CVE-2016-6301.json
View File

@ -106,6 +106,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
}
]
}

5
2016/6xxx/CVE-2016-6814.json
View File

@ -122,6 +122,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-01",
"url": "https://security.gentoo.org/glsa/202003-01"
}
]
}

87
2016/9xxx/CVE-2016-9158.json
View File

@ -4,46 +4,82 @@
"ID": "CVE-2016-9158",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family",
"product_name": "SIMATIC S7-300 CPU family",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-300 CPU family : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-400 V6 and earlier CPU family : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-400 V7 CPU family : All versions"
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 V6 and earlier CPU family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 V7 CPU family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system. This vulnerability affects all SIMATIC S7-300 PN CPUs, and all SIMATIC S7-400 PN V6 and V7 CPUs."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -56,6 +92,14 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system."
}
]
},
"references": {
"reference_data": [
{
@ -77,6 +121,11 @@
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
}
]
}

107
2016/9xxx/CVE-2016-9159.json
View File

@ -4,46 +4,102 @@
"ID": "CVE-2016-9159",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family",
"product_name": "SIMATIC S7-300 CPU family",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-300 CPU family : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-400 V6 and earlier CPU family : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-400 V7 CPU family : All versions"
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 V6 and earlier CPU family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 V7 CPU family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V8 CPU family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -56,6 +112,14 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices."
}
]
},
"references": {
"reference_data": [
{
@ -77,6 +141,11 @@
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf"
}
]
}

5
2016/9xxx/CVE-2016-9840.json
View File

@ -186,6 +186,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4292-1",
"url": "https://usn.ubuntu.com/4292-1/"
}
]
}

5
2016/9xxx/CVE-2016-9841.json
View File

@ -201,6 +201,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4292-1",
"url": "https://usn.ubuntu.com/4292-1/"
}
]
}

5
2016/9xxx/CVE-2016-9842.json
View File

@ -186,6 +186,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4292-1",
"url": "https://usn.ubuntu.com/4292-1/"
}
]
}

5
2016/9xxx/CVE-2016-9843.json
View File

@ -201,6 +201,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4292-1",
"url": "https://usn.ubuntu.com/4292-1/"
}
]
}

48
2017/10xxx/CVE-2017-10992.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10992",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://labs.integrity.pt/advisories/cve-2017-10992/",
"url": "https://labs.integrity.pt/advisories/cve-2017-10992/"
}
]
}

5
2017/16xxx/CVE-2017-16544.json
View File

@ -106,6 +106,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
}
]
}

5
2017/17xxx/CVE-2017-17095.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-25",
"url": "https://security.gentoo.org/glsa/202003-25"
}
]
}

53
2017/18xxx/CVE-2017-18350.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18350",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"refsource": "MISC",
"name": "https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5",
"url": "https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5"
}
]
}

5
2017/18xxx/CVE-2017-18635.json
View File

@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "https://github.com/ShielderSec/cve-2017-18635",
"url": "https://github.com/ShielderSec/cve-2017-18635"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0754",
"url": "https://access.redhat.com/errata/RHSA-2020:0754"
}
]
}

5
2017/2xxx/CVE-2017-2284.json
View File

@ -66,6 +66,11 @@
"name": "https://wordpress.org/plugins/popup-maker/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/popup-maker/#developers"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/8878",
"url": "https://wpvulndb.com/vulnerabilities/8878"
}
]
}

5
2017/5xxx/CVE-2017-5617.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-735d3953e8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3V7RIIO3HO4RNDBN2PARLIDAL3RPV2OX/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-11",
"url": "https://security.gentoo.org/glsa/202003-11"
}
]
}

48
2018/10xxx/CVE-2018-10125.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10125",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Contao before 4.5.7 has XSS in the system log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html",
"url": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html"
}
]
}

53
2018/10xxx/CVE-2018-10704.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10704",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "yidashi yii2cmf 2.0 has XSS via the /search q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yidashi/yii2cmf",
"refsource": "MISC",
"name": "https://github.com/yidashi/yii2cmf"
},
{
"refsource": "MISC",
"name": "http://testh5shanglv.minshengec.com:1024/phpmyadmin/doc/yii2cmf_xss.htm",
"url": "http://testh5shanglv.minshengec.com:1024/phpmyadmin/doc/yii2cmf_xss.htm"
}
]
}

5
2018/11xxx/CVE-2018-11769.json
View File

@ -72,6 +72,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-83f513fd7e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/"
}
]
}

5
2018/12xxx/CVE-2018-12532.json
View File

@ -61,6 +61,11 @@
"name": "https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html",
"refsource": "MISC",
"url": "https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 RichFaces exploitation toolkit",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
]
}

5
2018/12xxx/CVE-2018-12533.json
View File

@ -81,6 +81,11 @@
"name": "RHSA-2018:2930",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2930"
},
{
"refsource": "FULLDISC",
"name": "20200313 RichFaces exploitation toolkit",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
]
}

53
2018/13xxx/CVE-2018-13060.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13060",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sysdream.com/news/lab/",
"refsource": "MISC",
"name": "https://sysdream.com/news/lab/"
},
{
"refsource": "MISC",
"name": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13060-easy-appointments-captcha-bypass/",
"url": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13060-easy-appointments-captcha-bypass/"
}
]
}

53
2018/13xxx/CVE-2018-13063.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13063",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sysdream.com/news/lab/",
"refsource": "MISC",
"name": "https://sysdream.com/news/lab/"
},
{
"refsource": "MISC",
"name": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13063-easy-appointments-multiple-confidential-information-leakage/",
"url": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13063-easy-appointments-multiple-confidential-information-leakage/"
}
]
}

5
2018/14xxx/CVE-2018-14040.json
View File

@ -121,6 +121,11 @@
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
}
]
}

10
2018/14xxx/CVE-2018-14041.json
View File

@ -116,6 +116,16 @@
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
}
]
}

10
2018/14xxx/CVE-2018-14042.json
View File

@ -106,6 +106,16 @@
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
}
]
}

5
2018/14xxx/CVE-2018-14335.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[ignite-user] 20191213 Re: H2 version security concern",
"url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0727",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
}

53
2018/14xxx/CVE-2018-14502.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14502",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/chained-quiz/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/chained-quiz/#developers"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9112",
"url": "https://wpvulndb.com/vulnerabilities/9112"
}
]
}

5
2018/14xxx/CVE-2018-14553.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0332",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
}
]
}

5
2018/14xxx/CVE-2018-14667.json
View File

@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"refsource": "FULLDISC",
"name": "20200313 RichFaces exploitation toolkit",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
]
}

5
2018/14xxx/CVE-2018-14701.json
View File

@ -56,6 +56,11 @@
"name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html"
}
]
}

5
2018/14xxx/CVE-2018-14709.json
View File

@ -56,6 +56,11 @@
"name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html"
}
]
}

5
2018/16xxx/CVE-2018-16871.json
View File

@ -68,6 +68,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0740",
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
]
},

5
2018/17xxx/CVE-2018-17188.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-83f513fd7e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/"
}
]
}

5
2018/17xxx/CVE-2018-17784.json
View File

@ -61,6 +61,11 @@
"name": "45594",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45594/"
},
{
"refsource": "MISC",
"name": "https://www.purplemet.com/blog/sugarcrm-multiple-xss-vulnerabilities",
"url": "https://www.purplemet.com/blog/sugarcrm-multiple-xss-vulnerabilities"
}
]
}

53
2018/18xxx/CVE-2018-18894.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18894",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://support.lexmark.com/alerts",
"refsource": "MISC",
"name": "http://support.lexmark.com/alerts"
},
{
"refsource": "CONFIRM",
"name": "http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US",
"url": "http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US"
}
]
}

5
2018/19xxx/CVE-2018-19210.json
View File

@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html",
"url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-25",
"url": "https://security.gentoo.org/glsa/202003-25"
}
]
}

48
2018/19xxx/CVE-2018-19516.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19516",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv=\"REFRESH\" value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612",
"refsource": "MISC",
"name": "https://cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612"
}
]
}

10
2018/1xxx/CVE-2018-1311.json
View File

@ -53,6 +53,16 @@
"refsource": "MLIST",
"name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.",
"url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0704",
"url": "https://access.redhat.com/errata/RHSA-2020:0704"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0702",
"url": "https://access.redhat.com/errata/RHSA-2020:0702"
}
]
},

5
2018/20xxx/CVE-2018-20184.json
View File

@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2018/20xxx/CVE-2018-20185.json
View File

@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2018/20xxx/CVE-2018-20189.json
View File

@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

48
2018/20xxx/CVE-2018-20586.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20586",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586",
"refsource": "MISC",
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586"
}
]
}

5
2018/20xxx/CVE-2018-20852.json
View File

@ -121,6 +121,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0086",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-26",
"url": "https://security.gentoo.org/glsa/202003-26"
}
]
}

18
2018/21xxx/CVE-2018-21036.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/21xxx/CVE-2018-21037.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-21037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

4
2018/4xxx/CVE-2018-4832.json
View File

@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < Service Pack R8.2 SP2"
}
]
}
@ -306,7 +306,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},

5
2018/8xxx/CVE-2018-8007.json
View File

@ -90,6 +90,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-83f513fd7e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/"
}
]
}

20
2019/0xxx/CVE-2019-0205.json
View File

@ -143,6 +143,26 @@
"refsource": "MLIST",
"name": "[thrift-commits] 20200208 [thrift] 01/01: THRIFT-5075: Backport changes for CVE-2019-0205 to 0.9.3.1 branch",
"url": "https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0806",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0811",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0804",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0805",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
}
]
},

20
2019/0xxx/CVE-2019-0210.json
View File

@ -48,6 +48,26 @@
"refsource": "CONFIRM",
"name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E",
"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0806",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0811",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0804",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0805",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
}
]
},

5
2019/1010xxx/CVE-2019-1010057.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-9013b5e75d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-17",
"url": "https://security.gentoo.org/glsa/202003-17"
}
]
}

5
2019/1010xxx/CVE-2019-1010180.json
View File

@ -81,6 +81,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2494",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-31",
"url": "https://security.gentoo.org/glsa/202003-31"
}
]
}

5
2019/10xxx/CVE-2019-10064.json
View File

@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html",
"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"
}
]
}

61
2019/10xxx/CVE-2019-10065.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-10065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.otrs.com/category/release-and-security-notes-en/",
"refsource": "MISC",
"name": "https://community.otrs.com/category/release-and-security-notes-en/"
},
{
"refsource": "CONFIRM",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/",
"url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/"
}
]
}

20
2019/10xxx/CVE-2019-10086.json
View File

@ -148,6 +148,26 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0194",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0806",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0811",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0804",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0805",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
}
]
},

50
2019/10xxx/CVE-2019-10091.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Geode",
"version": {
"version_data": [
{
"version_value": "Apache Tomcat 1.9.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r3342077ac4798631300366be86e545d0c08753cca8fd2663867fe200%40%3Cdev.geode.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r3342077ac4798631300366be86e545d0c08753cca8fd2663867fe200%40%3Cdev.geode.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack."
}
]
}

5
2019/10xxx/CVE-2019-10129.json
View File

@ -53,6 +53,11 @@
"url": "https://www.postgresql.org/about/news/1939/",
"refsource": "MISC",
"name": "https://www.postgresql.org/about/news/1939/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-03",
"url": "https://security.gentoo.org/glsa/202003-03"
}
]
},

5
2019/10xxx/CVE-2019-10130.json
View File

@ -62,6 +62,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-03",
"url": "https://security.gentoo.org/glsa/202003-03"
}
]
},

5
2019/10xxx/CVE-2019-10161.json
View File

@ -66,6 +66,11 @@
"refsource": "UBUNTU",
"name": "USN-4047-2",
"url": "https://usn.ubuntu.com/4047-2/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-18",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
},

5
2019/10xxx/CVE-2019-10164.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-e43f49b428",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-03",
"url": "https://security.gentoo.org/glsa/202003-03"
}
]
},

5
2019/10xxx/CVE-2019-10166.json
View File

@ -56,6 +56,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-18",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
},

5
2019/10xxx/CVE-2019-10167.json
View File

@ -64,6 +64,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-18",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
},

5
2019/10xxx/CVE-2019-10168.json
View File

@ -64,6 +64,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168",
"refsource": "CONFIRM"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-18",
"url": "https://security.gentoo.org/glsa/202003-18"
}
]
},

5
2019/10xxx/CVE-2019-10173.json
View File

@ -68,6 +68,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0445",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0727",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
},

5
2019/10xxx/CVE-2019-10174.json
View File

@ -56,6 +56,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0481",
"url": "https://access.redhat.com/errata/RHSA-2020:0481"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0727",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
},

5
2019/10xxx/CVE-2019-10184.json
View File

@ -98,6 +98,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3046",
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0727",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
},

5
2019/10xxx/CVE-2019-10195.json
View File

@ -92,6 +92,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0378",
"url": "https://access.redhat.com/errata/RHSA-2020:0378"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:4268",
"url": "https://access.redhat.com/errata/RHBA-2019:4268"
}
]
},

5
2019/10xxx/CVE-2019-10212.json
View File

@ -53,6 +53,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2998",
"url": "https://access.redhat.com/errata/RHSA-2019:2998"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0727",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
},

5
2019/10xxx/CVE-2019-10673.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152315/WordPress-Ultimate-Member-2.0.38-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/152315/WordPress-Ultimate-Member-2.0.38-Cross-Site-Request-Forgery.html"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9250",
"url": "https://wpvulndb.com/vulnerabilities/9250"
}
]
}

66
2019/10xxx/CVE-2019-10705.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-10705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en",
"refsource": "MISC",
"name": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en"
},
{
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"
},
{
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd"
}
]
}

66
2019/10xxx/CVE-2019-10706.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-10706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en",
"refsource": "MISC",
"name": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en"
},
{
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"
},
{
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd"
}
]
}

55
2019/10xxx/CVE-2019-10807.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "blamer",
"version": {
"version_data": [
{
"version_value": "All versions prior to 1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c,",
"url": "https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c,"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-BLAMER-559541",
"url": "https://snyk.io/vuln/SNYK-JS-BLAMER-559541"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer."
}
]
}

55
2019/10xxx/CVE-2019-10808.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "utilitify",
"version": {
"version_data": [
{
"version_value": "All versions prior to 1.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/xcritical-software/utilitify/commit/88d6e27009823338bf319ffb768fe6b08e8ad2d1,",
"url": "https://github.com/xcritical-software/utilitify/commit/88d6e27009823338bf319ffb768fe6b08e8ad2d1,"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497",
"url": "https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype."
}
]
}

4
2019/10xxx/CVE-2019-10923.json
View File

@ -159,7 +159,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.X.17"
}
]
}
@ -386,7 +386,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations."
"value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations."
}
]
},

56
2019/10xxx/CVE-2019-10929.json
View File

@ -24,6 +24,26 @@
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions <= 20.8"
}
]
}
},
{
"product_name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC",
"version": {
@ -59,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V16"
"version_value": "All versions"
}
]
}
@ -84,6 +104,16 @@
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant)",
"version": {
"version_data": [
{
"version_value": "All versions <= V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant)",
"version": {
@ -99,7 +129,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions <= V20.8"
}
]
}
@ -134,16 +164,6 @@
]
}
},
{
"product_name": "SIMATIC WinCC OA",
"version": {
"version_data": [
{
"version_value": "All versions <= 3.16 patch version 12"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version": {
@ -164,16 +184,6 @@
]
}
},
{
"product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V2.1"
}
]
}
},
{
"product_name": "TIM 1531 IRC (incl. SIPLUS variant)",
"version": {
@ -206,7 +216,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions < V16), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC OA (All versions <= 3.16 patch version 12), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication."
"value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication."
}
]
},

2
2019/10xxx/CVE-2019-10936.json
View File

@ -339,7 +339,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.X.17"
}
]
}

34
2019/10xxx/CVE-2019-10943.json
View File

@ -14,6 +14,26 @@
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions <= 20.8"
}
]
}
},
{
"product_name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC",
"version": {
@ -54,6 +74,16 @@
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant)",
"version": {
"version_data": [
{
"version_value": "All versions <= V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant)",
"version": {
@ -69,7 +99,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions <= V20.8"
}
]
}
@ -96,7 +126,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication."
"value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication."
}
]
},

5
2019/11xxx/CVE-2019-11005.json
View File

@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2019/11xxx/CVE-2019-11006.json
View File

@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2019/11xxx/CVE-2019-11007.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2019/11xxx/CVE-2019-11008.json
View File

@ -106,6 +106,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2019/11xxx/CVE-2019-11009.json
View File

@ -101,6 +101,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2019/11xxx/CVE-2019-11010.json
View File

@ -81,6 +81,11 @@
"refsource": "UBUNTU",
"name": "USN-4207-1",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4640",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}

5
2019/11xxx/CVE-2019-11027.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1956-1] ruby-openid security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00014.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-09",
"url": "https://security.gentoo.org/glsa/202003-09"
}
]
}

5
2019/11xxx/CVE-2019-11038.json
View File

@ -140,6 +140,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3299",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0332",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
}
]
},

5
2019/11xxx/CVE-2019-11135.json
View File

@ -178,6 +178,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0666",
"url": "https://access.redhat.com/errata/RHSA-2020:0666"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0730",
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
}
]
},

Some files were not shown because too many files have changed in this diff Show More