"-Synchronized-Data."

CVE Team 2019-11-20 15:01:56 +00:00
parent 53d755de59
commit 1ac0a0a6c3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 375 additions and 22 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1028",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "smarty3",
"version": {
"version_data": [
{
"version_value": "3"
}
]
}
}
]
},
"vendor_name": "smarty3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1028",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1028"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-1028",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-1028"
},
{
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2011/q1/313",
"url": "https://seclists.org/oss-sec/2011/q1/313"
}
]
}
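Review bot: The new `problemtype` entry is `"value": "UNKNOWN_TYPE"` although the description added in the same record says the flaw may allow arbitrary PHP code execution, so consumers that filter or group this feed by weakness class will not surface the entry. A descriptive value such as `"value": "Code Injection"` would agree with the description, provided the assigner's analysis supports it. The `affects` block also uses `smarty3` for both `vendor_name` and `product_name` with a bare `"version_value": "3"`, which looks like a distribution package name rather than an upstream vendor and version range and will be hard to match against an asset inventory.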


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6136",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tuned",
"version": {
"version_data": [
{
"version_value": "2.10.0-1"
}
]
}
}
]
},
"vendor_name": "tuned"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6136",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6136"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136"
}
]
}
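Review bot: `"version_value": "2.10.0-1"` in `affects` does not match the description, which names `tuned 2.10.0`; the `-1` suffix looks like a package release number, so tools comparing against the upstream version string may fail to match this record. `"version_value": "2.10.0"` would keep the structured field and the description consistent. The record also does not state whether earlier or later releases are affected, so anyone triaging patch status has no fixed version to check against.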


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0193",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "piwik",
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "1.10.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0193",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"refsource": "CONFIRM",
"name": "https://matomo.org/changelog/piwik-1-10/",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
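Review bot: `"version_value": "1.10.1"` in `affects` names the release that the description treats as fixed ("Piwik before 1.10.1"), so a scanner matching on this field would flag patched installs and miss the vulnerable earlier ones. `"version_value": "before 1.10.1"` would agree with the description. The CVE-2013-0194 section that follows carries the same value and needs the same correction.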


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0194",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "piwik",
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "1.10.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0194",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0194"
},
{
"refsource": "CONFIRM",
"name": "https://matomo.org/changelog/piwik-1-10/",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0195",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "piwik",
"version": {
"version_data": [
{
"version_value": "through 2013"
}
]
}
}
]
},
"vendor_name": "piwik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/15",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/15"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0195",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0195"
},
{
"refsource": "CONFIRM",
"name": "https://matomo.org/changelog/piwik-1-10/",
"url": "https://matomo.org/changelog/piwik-1-10/"
}
]
}
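Review bot: `"version_value": "through 2013"` is not a version string and contradicts the description in the same record, which says "Piwik before 1.10.1". `"version_value": "before 1.10.1"` would line up with the description and with the CONFIRM reference to the Piwik 1.10 changelog. As written, consumers cannot derive an affected range from the structured field and have to parse the free text instead.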


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5194",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "before 54.0.2840.59"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unspecified vulnerabilities in Google Chrome before 54.0.2840.59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "various fixes from internal audits"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html"
}
]
}
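Review bot: The `problemtype` value `"various fixes from internal audits"` describes where the fixes came from rather than a weakness class, and the description says only "Unspecified vulnerabilities", so the record offers nothing for prioritisation beyond the fixed version. If no weakness can be disclosed, a neutral value such as `"value": "n/a"` is clearer for consumers grouping by problem type than free text that reads like a category. The CVE-2016-9652 section that follows uses the same value.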


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-9652",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "before 55.0.2883.75"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unspecified vulnerabilities in Google Chrome before 55.0.2883.75."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "various fixes from internal audits"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html",
"url": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files. Credit for the discovery of this vulnerability goes to Markel Picado Ortiz (d00rt) of Cylera Labs."
"value": "An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files."
}
]
},