admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-12 17:01:18 +00:00
parent 25c2a1638f
commit 2919bf0ea9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 580 additions and 287 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2011/4xxx/CVE-2011-4661.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-4661",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IOS",
"version": {
"version_data": [
{
"version_value": "before 15.2(1)T"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html",
"refsource": "MISC",
"name": "https://www.cisco.com/c/en/us/td/docs/ios/15_2m_and_t/release/notes/15_2m_and_t/152-1TCAVS.html"
}
]
}

55
2012/0xxx/CVE-2012-0951.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2012-0951",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NVIDIA",
"product": {
"product_data": [
{
"product_name": "graphics drivers",
"version": {
"version_data": [
{
"version_value": "29549"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html",
"refsource": "MISC",
"name": "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0951.html"
},
{
"refsource": "MISC",
"name": "https://vuldb.com/?id.10060",
"url": "https://vuldb.com/?id.10060"
}
]
}

63
2013/2xxx/CVE-2013-2637.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2637",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"url": "http://www.securityfocus.com/bid/58930",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58930"
},
{
"url": "http://www.exploit-db.com/exploits/24922",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/24922"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288"
}
]
}

5
2018/18xxx/CVE-2018-18898.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://bestpractical.com/download-page",
"url": "https://bestpractical.com/download-page"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200212 [SECURITY] [DLA 2101-1] libemail-address-list-perl security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00009.html"
}
]
}

180
2019/4xxx/CVE-2019-4427.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/1356087",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/1356087",
"title" : "IBM Security Bulletin 1356087 (Cloud CLI)"
},
{
"name" : "ibm-cli-cve20194427-info-disc (162773)",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162773"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4427",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-02-05T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud CLI",
"version" : {
"version_data" : [
{
"version_value" : "0.6.0"
},
{
"version_value" : "0.16.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/pages/node/1356087",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/1356087",
"title": "IBM Security Bulletin 1356087 (Cloud CLI)"
},
{
"name": "ibm-cli-cve20194427-info-disc (162773)",
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162773"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.900",
"AC" : "H",
"UI" : "N",
"C" : "H",
"I" : "N",
"AV" : "N",
"PR" : "N",
"A" : "N",
"S" : "U"
},
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
}
}
},
"data_format" : "MITRE"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4427",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-02-05T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud CLI",
"version": {
"version_data": [
{
"version_value": "0.6.0"
},
{
"version_value": "0.16.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.900",
"AC": "H",
"UI": "N",
"C": "H",
"I": "N",
"AV": "N",
"PR": "N",
"A": "N",
"S": "U"
},
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
}
}
},
"data_format": "MITRE"
}

180
2019/4xxx/CVE-2019-4431.json
View File

@ -1,93 +1,93 @@
{
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "H",
"RL" : "O"
},
"BM" : {
"S" : "C",
"A" : "N",
"PR" : "L",
"I" : "L",
"C" : "L",
"AV" : "N",
"UI" : "R",
"AC" : "L",
"SCORE" : "5.400"
}
}
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
}
]
},
"product_name" : "Rational Publishing Engine"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "H",
"RL": "O"
},
"BM": {
"S": "C",
"A": "N",
"PR": "L",
"I": "L",
"C": "L",
"AV": "N",
"UI": "R",
"AC": "L",
"SCORE": "5.400"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888."
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1942929 (Rational Publishing Engine)",
"name" : "https://www.ibm.com/support/pages/node/1942929",
"url" : "https://www.ibm.com/support/pages/node/1942929",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162888",
"name" : "ibm-pe-cve20194431-xss (162888)",
"title" : "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4431",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-02-11T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
}
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
}
]
},
"product_name": "Rational Publishing Engine"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888."
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1942929 (Rational Publishing Engine)",
"name": "https://www.ibm.com/support/pages/node/1942929",
"url": "https://www.ibm.com/support/pages/node/1942929",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162888",
"name": "ibm-pe-cve20194431-xss (162888)",
"title": "X-Force Vulnerability Report"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4431",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-02-11T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
}

174
2019/4xxx/CVE-2019-4741.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2020-02-10T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4741"
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/1846569",
"title" : "IBM Security Bulletin 1846569 (Content Navigator)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1846569"
},
{
"name" : "ibm-cn-cve20194741-ssrf (172815)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"I" : "L",
"C" : "N",
"AV" : "N",
"A" : "N",
"S" : "U",
"PR" : "N",
"UI" : "N",
"SCORE" : "5.300",
"AC" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815."
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_type": "CVE",
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
{
"version_value" : "3.0CD"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
}
}
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2020-02-10T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4741"
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1846569",
"title": "IBM Security Bulletin 1846569 (Content Navigator)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1846569"
},
{
"name": "ibm-cn-cve20194741-ssrf (172815)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172815",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"I": "L",
"C": "N",
"AV": "N",
"A": "N",
"S": "U",
"PR": "N",
"UI": "N",
"SCORE": "5.300",
"AC": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Navigator",
"version": {
"version_data": [
{
"version_value": "3.0CD"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

80
2020/7xxx/CVE-2020-7046.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7046",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-7046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dovecot.org/security",
"refsource": "MISC",
"name": "https://dovecot.org/security"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/1",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/1"
},
{
"refsource": "CONFIRM",
"name": "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html",
"url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
}

80
2020/7xxx/CVE-2020-7957.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-7957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dovecot.org/security",
"refsource": "MISC",
"name": "https://dovecot.org/security"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/2",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/2"
},
{
"refsource": "CONFIRM",
"name": "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html",
"url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:R",
"version": "3.0"
}
}
}