admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-02-06 16:01:10 +00:00
parent 898ba5a5b4
commit 5f822340ab
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 713 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
2013/4xxx/CVE-2013-4521.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4521",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,64 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nuxeo",
"product": {
"product_data": [
{
"product_name": "Nuxeo Platform",
"version": {
"version_data": [
{
"version_value": "5.6.0 before HF27"
},
{
"version_value": "5.8.0 before HF-01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027052"
},
{
"refsource": "CONFIRM",
"name": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes",
"url": "http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec",
"url": "https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec"
}
]
}

72
2014/10xxx/CVE-2014-10399.json Normal file
View File

@ -0,0 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-10399",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
]
}
}

72
2014/10xxx/CVE-2014-10400.json Normal file
View File

@ -0,0 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-10400",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
]
}
}

58
2014/2xxx/CVE-2014-2875.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2875",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}

5
2017/18xxx/CVE-2017-18640.json
View File

@ -61,6 +61,11 @@
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages",
"refsource": "MISC",
"name": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"refsource": "MISC",
"name": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack",
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
}
]
}

5
2018/17xxx/CVE-2018-17200.json
View File

@ -48,6 +48,11 @@
"refsource": "MLIST",
"name": "[ofbiz-dev] 20190910 [CVE-2018-17200] Apache OFBiz unauthenticated remote code execution vulnerability in HttpEngine",
"url": "https://s.apache.org/m9boi"
},
{
"refsource": "MLIST",
"name": "[ofbiz-commits] 20200206 svn commit: r1873710 - in /ofbiz/site: security.html template/page/security.tpl.php",
"url": "https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151@%3Ccommits.ofbiz.apache.org%3E"
}
]
},

5
2019/0xxx/CVE-2019-0189.json
View File

@ -58,6 +58,11 @@
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20190913 [jira] [Updated] (OFBIZ-10770) Update Apache commons-fileupload to last version (CVE-2019-0189)",
"url": "https://lists.apache.org/thread.html/986ed5f1a0e209f87ed4a2d348ae5735054f9188912bb2fed7a5543f@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-commits] 20200206 svn commit: r1873710 - in /ofbiz/site: security.html template/page/security.tpl.php",
"url": "https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151@%3Ccommits.ofbiz.apache.org%3E"
}
]
},

5
2019/10xxx/CVE-2019-10073.json
View File

@ -48,6 +48,11 @@
"refsource": "MLIST",
"name": "[ofbiz-dev] 20190910 [CVE-2019-10073] Apache OFBiz XSS vulnerability in the \"ecommerce\" component",
"url": "https://s.apache.org/w6edy"
},
{
"refsource": "MLIST",
"name": "[ofbiz-commits] 20200206 svn commit: r1873710 - in /ofbiz/site: security.html template/page/security.tpl.php",
"url": "https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151@%3Ccommits.ofbiz.apache.org%3E"
}
]
},

55
2019/10xxx/CVE-2019-10789.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10789",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "curling.js",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-CURLING-546484",
"url": "https://snyk.io/vuln/SNYK-JS-CURLING-546484"
},
{
"refsource": "MISC",
"name": "https://github.com/hgarcia/curling/blob/e861d625c074679a2931bcf4ce8da0afa8162c53/lib/curl-transport.js#L56",
"url": "https://github.com/hgarcia/curling/blob/e861d625c074679a2931bcf4ce8da0afa8162c53/lib/curl-transport.js#L56"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization."
}
]
}

62
2019/15xxx/CVE-2019-15711.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15711",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClientLinux",
"version": {
"version_data": [
{
"version_value": "FortiClientLinux 6.2.1 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-19-238",
"url": "https://fortiguard.com/psirt/FG-IR-19-238"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted \"ExportLogs\" type IPC client requests to the fctsched process."
}
]
}
}

62
2019/16xxx/CVE-2019-16152.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-16152",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClientLinux",
"version": {
"version_data": [
{
"version_value": "FortiClientLinux 6.2.1 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-19-238",
"url": "https://fortiguard.com/psirt/FG-IR-19-238"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated."
}
]
}
}

62
2019/17xxx/CVE-2019-17652.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17652",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClientLinux",
"version": {
"version_data": [
{
"version_value": "FortiClientLinux 6.2.1 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-19-238",
"url": "https://fortiguard.com/psirt/FG-IR-19-238"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted \"StartAvCustomScan\" type IPC client requests to the fctsched process due the argv data not been well sanitized."
}
]
}
}

65
2020/5xxx/CVE-2020-5854.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1.1"
},
{
"version_value": "14.1.0-14.1.2.2"
},
{
"version_value": "14.0.0-14.0.1"
},
{
"version_value": "13.1.0-13.1.3.1"
},
{
"version_value": "12.1.0-12.1.5"
},
{
"version_value": "11.6.0-11.6.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K50046200",
"url": "https://support.f5.com/csp/article/K50046200"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made."
}
]
}

50
2020/5xxx/CVE-2020-5855.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "Edge Client for Windows",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K55102004",
"url": "https://support.f5.com/csp/article/K55102004"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user."
}
]
}

53
2020/5xxx/CVE-2020-5856.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-5856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "F5",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "15.0.0-15.0.1.1"
},
{
"version_value": "14.1.0-14.1.2.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K00025388",
"url": "https://support.f5.com/csp/article/K00025388"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart."
}
]
}

18
2020/8xxx/CVE-2020-8768.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/8xxx/CVE-2020-8769.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}