admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-25 18:02:11 +00:00
parent 13cbb7a39c
commit 5cba8d09f9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 459 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
2011/4xxx/CVE-2011-4924.json
View File

@ -1,8 +1,46 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4924",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zope",
"product": {
"product_data": [
{
"product_name": "zope2, zope3",
"version": {
"version_data": [
{
"version_value": "2.8.x before 2.8.12"
},
{
"version_value": "2.9.x before 2.9.12"
},
{
"version_value": "2.10.x before 2.10.11"
},
{
"version_value": "2.11.x before 2.11.6"
},
{
"version_value": "and 2.12.x before 2.12.3"
},
{
"version_value": "3.1.1through 3.4.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +49,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete upstream patch for CVE-2010-1104 issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4924",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4924"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-4924",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-4924"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/01/19/19",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/19/19"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/19/16",
"url": "http://www.openwall.com/lists/oss-security/2012/01/19/16"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/19/17",
"url": "http://www.openwall.com/lists/oss-security/2012/01/19/17"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/19/18",
"url": "http://www.openwall.com/lists/oss-security/2012/01/19/18"
}
]
}

75
2012/6xxx/CVE-2012-6639.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6639",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cloud-init",
"product": {
"product_data": [
{
"product_name": "cloud-init",
"version": {
"version_data": [
{
"version_value": "before 0.7.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure transmission of EC2 instance data can lead to root privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6639",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6639"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6639",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6639"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6639",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6639"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-6639",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-6639"
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/03/06/7"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/66019/references",
"url": "https://www.securityfocus.com/bid/66019/references"
}
]
}

230
2018/2xxx/CVE-2018-2025.json
View File

@ -1,118 +1,118 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1.0.0"
},
{
"version_value" : "8.1.0.0"
},
{
"version_value" : "8.1.8.0"
},
{
"version_value" : "7.1.8.5"
}
]
},
"product_name" : "Spectrum Protect Backup-Archive Client"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.1.0.0"
},
{
"version_value" : "7.1.8.5"
},
{
"version_value" : "8.1.0.0"
},
{
"version_value" : "8.1.8.0"
}
]
},
"product_name" : "Spectrum Protect for Virtual Environments"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.1.0.0"
},
{
"version_value": "8.1.0.0"
},
{
"version_value": "8.1.8.0"
},
{
"version_value": "7.1.8.5"
}
]
},
"product_name": "Spectrum Protect Backup-Archive Client"
},
{
"version": {
"version_data": [
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.8.5"
},
{
"version_value": "8.1.0.0"
},
{
"version_value": "8.1.8.0"
}
]
},
"product_name": "Spectrum Protect for Virtual Environments"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"A" : "N",
"S" : "U",
"AV" : "L",
"I" : "L",
"C" : "L",
"SCORE" : "5.100",
"AC" : "L",
"PR" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-11-22T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2018-2025"
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/1107261",
"name" : "https://www.ibm.com/support/pages/node/1107261",
"title" : "IBM Security Bulletin 1107261 (Spectrum Protect Backup-Archive Client)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tsm-cve20182025-info-disc (155551)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155551"
}
]
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"A": "N",
"S": "U",
"AV": "L",
"I": "L",
"C": "L",
"SCORE": "5.100",
"AC": "L",
"PR": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-11-22T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2018-2025"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/1107261",
"name": "https://www.ibm.com/support/pages/node/1107261",
"title": "IBM Security Bulletin 1107261 (Spectrum Protect Backup-Archive Client)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tsm-cve20182025-info-disc (155551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155551"
}
]
}
}

2
2019/16xxx/CVE-2019-16765.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf.\n\nThis is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism.\n\nAfter upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
"value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
}
]
},

62
2019/19xxx/CVE-2019-19252.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/"
}
]
}
}

18
2019/19xxx/CVE-2019-19253.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

192
2019/4xxx/CVE-2019-4406.json
View File

@ -1,99 +1,99 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.1.0.0"
},
{
"version_value" : "7.1.8.6"
},
{
"version_value" : "8.1.0.0"
},
{
"version_value" : "8.1.8.0"
}
]
},
"product_name" : "Spectrum Protect Backup-Archive Client"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.8.6"
},
{
"version_value": "8.1.0.0"
},
{
"version_value": "8.1.8.0"
}
]
},
"product_name": "Spectrum Protect Backup-Archive Client"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"PR" : "H",
"AC" : "L",
"SCORE" : "4.400",
"I" : "N",
"C" : "N",
"A" : "H",
"S" : "U",
"AV" : "L",
"UI" : "N"
}
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 1107777 (Spectrum Protect Backup-Archive Client)",
"name" : "https://www.ibm.com/support/pages/node/1107777",
"url" : "https://www.ibm.com/support/pages/node/1107777",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tsm-cve20194406-dos (162477)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/162477",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2019-4406",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2019-11-22T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
}
}
},
"data_type": "CVE",
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"PR": "H",
"AC": "L",
"SCORE": "4.400",
"I": "N",
"C": "N",
"A": "H",
"S": "U",
"AV": "L",
"UI": "N"
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 1107777 (Spectrum Protect Backup-Archive Client)",
"name": "https://www.ibm.com/support/pages/node/1107777",
"url": "https://www.ibm.com/support/pages/node/1107777",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-tsm-cve20194406-dos (162477)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162477",
"refsource": "XF"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2019-4406",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2019-11-22T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
}
}