admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-13 21:01:36 +00:00
parent 35d59ed285
commit 549a58b45b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 566 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2010/4xxx/CVE-2010-4657.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4657",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "php5",
"product": {
"product_data": [
{
"product_name": "php5",
"version": {
"version_data": [
{
"version_value": "before 5.4.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4657",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4657"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657"
},
{
"url": "https://access.redhat.com/security/cve/cve-2010-4657",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2010-4657"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/php/%2Bbug/655442",
"url": "https://bugs.launchpad.net/php/%2Bbug/655442"
}
]
}

65
2010/4xxx/CVE-2010-4661.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4661",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "udisks",
"product": {
"product_data": [
{
"product_name": "udisks",
"version": {
"version_data": [
{
"version_value": "before 1.0.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4661",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4661"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4661",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4661"
},
{
"url": "https://access.redhat.com/security/cve/cve-2010-4661",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2010-4661"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html"
}
]
}

60
2011/4xxx/CVE-2011-4972.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4972",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CKSource",
"product": {
"product_data": [
{
"product_name": "CKEditor Drupal module",
"version": {
"version_data": [
{
"version_value": "7.x-1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://drupal.org/node/1337006",
"url": "https://drupal.org/node/1337006"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/04/5",
"url": "http://www.openwall.com/lists/oss-security/2013/06/04/5"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/04/7",
"url": "http://www.openwall.com/lists/oss-security/2013/06/04/7"
}
]
}

53
2012/5xxx/CVE-2012-5193.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5193",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-016-multiple-vulnerabilities-in-bitweaver/",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/twsl2012-016-multiple-vulnerabilities-in-bitweaver/"
},
{
"refsource": "EXPLOIT-DB",
"name": "22216",
"url": "https://www.exploit-db.com/exploits/22216"
}
]
}

58
2013/3xxx/CVE-2013-3367.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3367",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G\u00acDFdg_24Mhw3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"url": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"name": "https://www.ise.io/soho_service_hacks/"
},
{
"refsource": "MISC",
"name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
}
]
}

91
2013/4xxx/CVE-2013-4275.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4275",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,92 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the \"administer themes\" permission to inject arbitrary web script or HTML via the breadcrumb separator field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zen",
"product": {
"product_data": [
{
"product_name": "Zen theme",
"version": {
"version_data": [
{
"version_value": "6.x-1.x"
},
{
"version_value": "7.x-3.x before 7.x-3.2"
},
{
"version_value": "and 7.x-5.x before 7.x-5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.madirish.net/?article=452",
"url": "http://www.madirish.net/?article=452"
},
{
"refsource": "MISC",
"name": "https://drupal.org/node/2071157",
"url": "https://drupal.org/node/2071157"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Aug/226",
"url": "http://seclists.org/fulldisclosure/2013/Aug/226"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/08/22/2",
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
},
{
"refsource": "MISC",
"name": "https://drupal.org/node/2071055",
"url": "https://drupal.org/node/2071055"
},
{
"refsource": "MISC",
"name": "https://drupal.org/node/2071065",
"url": "https://drupal.org/node/2071065"
},
{
"refsource": "MISC",
"name": "https://drupal.org/node/754000",
"url": "https://drupal.org/node/754000"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61922",
"url": "http://www.securityfocus.com/bid/61922"
}
]
}

53
2014/1xxx/CVE-2014-1214.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1214",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91020"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
}

67
2019/17xxx/CVE-2019-17515.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/cleantalk-spam-protect/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cleantalk-spam-protect/#developers"
},
{
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2172333",
"url": "https://plugins.trac.wordpress.org/changeset/2172333"
}
]
}
}

72
2019/17xxx/CVE-2019-17550.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/blog2social/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/blog2social/#developers"
},
{
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/2186043",
"url": "https://plugins.trac.wordpress.org/changeset/2186043"
},
{
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/log/blog2social/",
"url": "https://plugins.trac.wordpress.org/log/blog2social/"
}
]
}
}