admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-15 17:01:45 +00:00
parent b48aab8d43
commit 5b4567501a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 301 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2011/0xxx/CVE-2011-0703.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0703",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gksu-polkit",
"product": {
"product_data": [
{
"product_name": "gksu-polkit",
"version": {
"version_data": [
{
"version_value": "before 0.0.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0703",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-0703"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-0703",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-0703"
}
]
}

75
2011/2xxx/CVE-2011-2726.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2726",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "drupal core",
"product": {
"product_data": [
{
"product_name": "drupal core",
"version": {
"version_data": [
{
"version_value": "7.x before version 7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2726",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2726"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2726"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2726",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2726"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/10",
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/10"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/20/14",
"url": "http://www.openwall.com/lists/oss-security/2012/03/20/14"
},
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/node/1231510",
"url": "https://www.drupal.org/node/1231510"
}
]
}

60
2011/2xxx/CVE-2011-2910.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2910",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ax25-tools",
"product": {
"product_data": [
{
"product_name": "ax25-tools",
"version": {
"version_data": [
{
"version_value": "before 0.0.8-13"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "possible privilege escalation due to failure to check for s*id return values"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2910",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2910"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2910"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2910",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2910"
}
]
}

29
2016/5xxx/CVE-2016-5202.json
View File

@ -8,10 +8,11 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "chromium-browser",
"product": {
"product_data": [
{
"product_name": "Chrome",
"product_name": "chromium-browser",
"version": {
"version_data": [
{
@ -21,8 +22,7 @@
}
}
]
},
"vendor_name": "Google"
}
}
]
}
@ -44,7 +44,7 @@
"description": [
{
"lang": "eng",
"value": "incorrect erase operation"
"value": "fixes from internal audits"
}
]
}
@ -53,29 +53,24 @@
"references": {
"reference_data": [
{
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=658106#c36",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-5202",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=658106#c36"
"name": "https://security-tracker.debian.org/tracker/CVE-2016-5202"
},
{
"url": "https://chromiumcodereview.appspot.com/2436403003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5202",
"refsource": "MISC",
"name": "https://chromiumcodereview.appspot.com/2436403003"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5202"
},
{
"url": "https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5202",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html"
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5202"
},
{
"url": "https://crbug.com/662843",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00029.html",
"refsource": "MISC",
"name": "https://crbug.com/662843"
},
{
"url": "https://crbug.com/656073",
"refsource": "MISC",
"name": "https://crbug.com/656073"
"name": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00029.html"
}
]
}

58
2018/18xxx/CVE-2018-18368.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18368",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-18368",
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection Manager (SEPM)",
"version": {
"version_data": [
{
"version_value": "prior to 14.2 RU1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
]
}

50
2019/12xxx/CVE-2019-12756.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection (SEP)",
"version": {
"version_data": [
{
"version_value": "prior to 14.2 RU2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password Protection Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.symantec.com/us/en/article.SYMSA1488.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1488.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights."
}
]
}

10
2019/14xxx/CVE-2019-14869.json
View File

@ -53,6 +53,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
"url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f",
"name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f",
"refsource": "CONFIRM"
},
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=701841",
"refsource": "CONFIRM"
}
]
},