admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-27 21:00:58 +00:00
parent 89cb853e96
commit 1997588460
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 333 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2011/2xxx/CVE-2011-2515.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2515",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "packagekit",
"product": {
"product_data": [
{
"product_name": "packagekit",
"version": {
"version_data": [
{
"version_value": "0.6.15"
},
{
"version_value": "0.6.17"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "installs unsigned RPM packages as though they were signed"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2515",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"refsource": "BID",
"name": "48557",
"url": "https://www.securityfocus.com/bid/48557/info"
}
]
}

70
2011/2xxx/CVE-2011-2523.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2523",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vsftpd",
"product": {
"product_data": [
{
"product_name": "vsftpd",
"version": {
"version_data": [
{
"version_value": "2.3.4 downloaded between 20110630 and 20110703"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2523",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2523"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2523",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2523"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110711 Re: vsftpd download backdoored",
"url": "https://www.openwall.com/lists/oss-security/2011/07/11/5"
},
{
"refsource": "MISC",
"name": "https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805",
"url": "https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html",
"url": "https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html"
}
]
}

65
2011/2xxx/CVE-2011-2717.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2717",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dhcpv6 project",
"product": {
"product_data": [
{
"product_name": "dhcpv6",
"version": {
"version_data": [
{
"version_value": "through 2011-07-25"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient checking of DHCP options"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2717",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2717"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2717",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2717"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110726 Re: CVE request - dhcp clients",
"url": "https://www.openwall.com/lists/oss-security/2011/07/26/9"
},
{
"refsource": "MISC",
"name": "https://vigilance.fr/vulnerability/dhcp6c-shell-command-injection-10869",
"url": "https://vigilance.fr/vulnerability/dhcp6c-shell-command-injection-10869"
}
]
}

51
2018/9xxx/CVE-2018-9195.json
View File

@ -15,15 +15,29 @@
"product": {
"product_data": [
{
"product_name": "FortiClient for Windows, FortiOS, FortiClient for Mac OS",
"product_name": "FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.6 and below"
},
{
"version_value": "FortiClient for Windows 6.0.6 and below"
},
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.7 and below"
}
]
}
},
{
"product_name": "FortiClient for Mac OS",
"version": {
"version_data": [
{
"version_value": "FortiClient for Mac OS 6.2.1 and below"
}
@ -54,31 +68,6 @@
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-18-100",
"url": "https://fortiguard.com/advisory/FG-IR-18-100"
},
{
"refsource": "BUGTRAQ",
"name": "20191125 SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products",
"url": "https://seclists.org/bugtraq/2019/Nov/38"
},
{
"refsource": "FULLDISC",
"name": "20191125 SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products",
"url": "http://seclists.org/fulldisclosure/2019/Nov/22"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155463/FortiOS-6.0.6-FortiClientWindows-6.0.6-FortiClientMac-6.2.1-XOR-Encryption.html",
"url": "http://packetstormsecurity.com/files/155463/FortiOS-6.0.6-FortiClientWindows-6.0.6-FortiClientMac-6.2.1-XOR-Encryption.html"
},
{
"refsource": "FULLDISC",
"name": "20191126 Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products",
"url": "http://seclists.org/fulldisclosure/2019/Nov/28"
},
{
"refsource": "BUGTRAQ",
"name": "20191126 Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products",
"url": "https://seclists.org/bugtraq/2019/Nov/42"
}
]
},
@ -86,7 +75,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages."
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below."
}
]
}

65
2019/15xxx/CVE-2019-15705.json Normal file
View File

@ -0,0 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15705",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiGate",
"version": {
"version_data": [
{
"version_value": "FortiOS versions 6.2.1 and below"
},
{
"version_value": "FortiOS versions 6.0.6 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-19-236",
"url": "https://fortiguard.com/advisory/FG-IR-19-236"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request."
}
]
}
}

61
2019/6xxx/CVE-2019-6674.json
View File

@ -1,17 +1,64 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6674",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-6674",
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "SSL Orchestrator",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1"
},
{
"version_value": "14.0.0-14.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K21135478",
"url": "https://support.f5.com/csp/article/K21135478"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration."
}
]
}