Merge remote-tracking branch 'upstream/master'

jpattrendmicro 2020-01-17 12:49:18 -08:00
commit 71608be6c6
893 changed files with 39080 additions and 2130 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-4891",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Simple Machine Forum",
"product": {
"product_data": [
{
"product_name": "Simple Machine Forum",
"version": {
"version_data": [
{
"version_value": "1.0.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/11/14/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/14/10"
},
{
"refsource": "MISC",
"name": "https://securiteam.com/exploits/5HP0N0KG0O/",
"url": "https://securiteam.com/exploits/5HP0N0KG0O/"
}
]
}
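Review bot: `vendor_name` and `product_name` are spelled "Simple Machine Forum" here, while the CVE-2009-5068 section later in this commit calls the same software "Simple Machines Forum" in its description and uses "SMF" for both fields. Tooling that matches advisories on the vendor/product strings will treat these as unrelated products, so an affected installation can be missed for one of the two records. Settle on one spelling in both records, e.g. `"product_name": "Simple Machines Forum"`.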


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4773",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Systrace before 1.6.0 has insufficient escape policy enforcement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.citi.umich.edu/u/provos/systrace/",
"refsource": "MISC",
"name": "http://www.citi.umich.edu/u/provos/systrace/"
},
{
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.html",
"url": "http://taviso.decsystem.org/research.html"
},
{
"url": "http://taviso.decsystem.org/research.t2t",
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.t2t"
},
{
"refsource": "MISC",
"name": "https://www.provos.org/index.php?/archives/2007/12/C2.html",
"url": "https://www.provos.org/index.php?/archives/2007/12/C2.html"
}
]
}
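Review bot: The `affects` block records `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"` although the description names both the product and the fixed version (Systrace before 1.6.0). Consumers that filter on the structured fields cannot match this record to an installed package. Populate them from the description, e.g. `"product_name": "Systrace"` and `"version_value": "before 1.6.0"`. The CVE-2007-4774 section that follows has the same gap for the Linux kernel before 2.4.36-rc1. The description also states no impact or attack vector; one sentence on that would help triage if the references support it.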


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4774",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.html",
"url": "http://taviso.decsystem.org/research.html"
},
{
"url": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60",
"refsource": "MISC",
"name": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60"
}
]
}
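Review bot: The new description contains a duplicated word ("which can can wake up") and switches between "ptraced" and "PTRACED" for the same thing. Suggested wording for the second sentence: `It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a ptraced process.` The first sentence ("has a race condition") does not say which component races; name it if the references identify it.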


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2007-6070",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2009-1120",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RepliStor",
"version": {
"version_data": [
{
"version_value": "before ESA-09-003"
}
]
}
}
]
},
"vendor_name": "EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/",
"refsource": "MISC",
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/"
},
{
"refsource": "MISC",
"name": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution",
"url": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution"
}
]
}
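Review bot: `problemtype` is set to `"Other"` even though the description classifies the flaw as remote code execution reachable by an unauthenticated attacker. A specific value such as `"value": "Remote Code Execution"` lets consumers triage by impact without parsing the prose. The same generic value is used in the CVE-2009-5025 and CVE-2010-3048 sections, whose descriptions state a forced password reset and a remote denial of service respectively. Separately, `"version_value": "before ESA-09-003"` looks like an advisory identifier rather than a product version, so it cannot be compared with an installed release; give the fixed product version if the advisory states one.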


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3724",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-markdown2",
"product": {
"product_data": [
{
"product_name": "python-markdown2",
"version": {
"version_data": [
{
"version_value": "before 1.0.1.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2009/10/29/5",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2009/10/29/5"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000",
"url": "https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000"
}
]
}
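Review bot: The second reference, `https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000`, carries a slug that appears to name a different package than python-markdown2, the product this record describes. Confirm that the link resolves to an advisory for python-markdown2 before publishing. A reference that points at another package sends responders to the wrong fix, so replace or drop it if it does not match.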


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5025",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PyForum",
"product": {
"product_data": [
{
"product_name": "PyForum",
"version": {
"version_data": [
{
"version_value": "v1.0.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://packetstormsecurity.com/files/cve/CVE-2009-5025",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/cve/CVE-2009-5025"
},
{
"url": "https://www.openwall.com/lists/oss-security/2011/07/26/7",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/07/26/7"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2009/Nov/353",
"url": "https://seclists.org/fulldisclosure/2009/Nov/353"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5068",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SMF",
"product": {
"product_data": [
{
"product_name": "SMF",
"version": {
"version_data": [
{
"version_value": "through 2.0.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several \"co-admins\" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "file disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/01/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/01/4"
}
]
}


@ -61,6 +61,11 @@
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-6490123c7c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXQ3NRRTC4A3F3GW2RQNATJHYDIRSCBS/"
}
]
}


@ -101,6 +101,11 @@
"name": "40969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40969"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-3048",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Unified Personal Communicator",
"version": {
"version_data": [
{
"version_value": "7.0 (1.13056)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN.xml",
"refsource": "MISC",
"name": "http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN.xml"
}
]
}


@ -176,6 +176,11 @@
"refsource": "MLIST",
"name": "[cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html",
"url": "https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4@%3Ccommits.cxf.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2706",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sNews",
"version": {
"version_data": [
{
"version_value": "1.7.1"
}
]
}
}
]
},
"vendor_name": "sNews"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/07/20/17",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/07/20/17"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2011/May/300",
"url": "https://seclists.org/fulldisclosure/2011/May/300"
}
]
}
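Review bot: The structured field says `"version_value": "1.7.1"` but the description says "sNews 1.71", so the record disagrees with itself about the affected release. Version matching is done on the structured field, and a reader checking the prose will see a different number. Confirm the correct version against the two references and use the same string in both places, e.g. `...in the reorder administrator functions in sNews 1.7.1.` if the structured value is the right one.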


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2714",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Data-module",
"version": {
"version_data": [
{
"version_value": "6.x-1.0-alpha14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/07/26/8",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/07/26/8"
},
{
"refsource": "MISC",
"name": "https://www.drupal.org/node/1056470",
"url": "https://www.drupal.org/node/1056470"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2011/Feb/219",
"url": "https://seclists.org/fulldisclosure/2011/Feb/219"
}
]
}
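Review bot: The free-text `problemtype` values are not normalised across this commit. This record uses `"XSS"` while CVE-2009-3724 uses `"Cross-Site Scripting"`, and the SQL injection records use `"SQL Injection"` (CVE-2005-4891) and `"SQL injection"` (CVE-2011-2715). Consumers that group or filter by weakness class will split identical issues into separate buckets. Prefer a single canonical form, ideally the CWE identifier, e.g. `"value": "CWE-79"` for the cross-site scripting records.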


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2715",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Data-module",
"version": {
"version_data": [
{
"version_value": "6.x-1.0-alpha14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/07/26/8",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/07/26/8"
},
{
"refsource": "MISC",
"name": "https://www.drupal.org/node/1056470",
"url": "https://www.drupal.org/node/1056470"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2933",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebsiteBaker",
"version": {
"version_data": [
{
"version_value": "through 2.8.1"
}
]
}
}
]
},
"vendor_name": "WebsiteBaker"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/08/19/12",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/08/19/12"
}
]
}
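Review bot: The extension list in the description ends with `.phtl`, which may be a typo for `.phtml`; check it against the referenced oss-security post. Defenders use this list when writing upload filters or web-server deny rules, so a wrong extension here leaves a gap in the mitigation. If the source does say `.phtml`, the phrase should read `.htaccess, .php4, .php5, and .phtml extensions`.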


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2934",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebsiteBaker",
"version": {
"version_data": [
{
"version_value": "through 2.8.1"
}
]
}
}
]
},
"vendor_name": "WebsiteBaker"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/08/19/13",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/08/19/13"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3183",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concrete CMS",
"version": {
"version_data": [
{
"version_value": "through 5.4.1.1"
}
]
}
}
]
},
"vendor_name": "Concrete CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/08/22/11",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/08/22/11"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3202",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jcow CMS",
"version": {
"version_data": [
{
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "Jcow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/08/30/5",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/08/30/5"
}
]
}
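Review bot: `"version_value": "4.2"` understates the range given in the description, which says "Jcow CMS 4.2 and earlier". A scanner that compares against the structured field would flag only 4.2 and miss older installations. Align the field with the prose, e.g. `"version_value": "4.2 and earlier"`.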


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3203",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jcow CMS",
"version": {
"version_data": [
{
"version_value": "4.x to 4.2 and 5.x to 5.2"
}
]
}
}
]
},
"vendor_name": "Jcow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/08/30/6",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/08/30/6"
}
]
}
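Review bot: The description gives the second affected range as "5.2 to 5.2", which contradicts `"version_value": "4.x to 4.2 and 5.x to 5.2"` in the same record. It is also missing a word ("exists the attachment parameter"). Assuming the structured value is the intended one, the sentence should read `A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.x to 5.2.`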


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4336",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tiki",
"product": {
"product_data": [
{
"product_name": "Wiki CMS Groupware",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/bugtraq/2011/Nov/140",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2011/Nov/140"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/48806/info",
"url": "https://www.securityfocus.com/bid/48806/info"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4907",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Joomla!",
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "1.5x through 1.5.12"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"refsource": "MISC",
"name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html",
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
}
]
}
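Review bot: The description "Joomla! 1.5x through 1.5.12: Missing JEXEC Check" names a missing guard but not the impact or how it is reached, so a reader has to infer the consequence from `problemtype` ("Path Disclosure"). The second reference's slug, `301-20090722-core-file-upload`, suggests a file-upload advisory rather than a path-disclosure one; confirm it belongs to this CVE. A fuller sentence such as `Joomla! 1.5.x through 1.5.12 is missing a JEXEC check in some files, which allows path disclosure.` would make the record usable on its own, if the references support it. "1.5x" should probably be "1.5.x" in both the description and `version_value`.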


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0070",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "spamdyke",
"product": {
"product_data": [
{
"product_name": "spamdyke",
"version": {
"version_data": [
{
"version_value": "prior to 4.2.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/20/7"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070"
}
]
}
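Review bot: `problemtype` is `"authentication error"`, but the description ("STARTTLS reveals plaintext") describes exposure of data that should have been encrypted, not a failure to authenticate. The mismatch makes the record harder to classify and may cause it to be filtered into the wrong weakness class. Confirm against the oss-security post which one is accurate and align the two, for example `"value": "Information Exposure"` if the prose is correct. The description would also benefit from stating what is revealed and to whom.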


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-0334",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IronPort Web Security Appliance AsyncOS",
"version": {
"version_data": [
{
"version_value": "prior to 7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/52981",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52981"
},
{
"refsource": "CONFIRM",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334"
}
]
}


@ -61,6 +61,11 @@
"name": "http://svn.apache.org/viewvc?view=revision&revision=1233457",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1233457"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2012-0945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "whoopsie-daisy",
"product": {
"product_data": [
{
"product_name": "whoopsie-daisy",
"version": {
"version_data": [
{
"version_value": "< 0.1.26"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "whoopsie-daisy before 0.1.26: Root user can remove arbitrary files"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687"
}
]
}
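Review bot: The description "Root user can remove arbitrary files" does not describe a crossed privilege boundary as written, because root can normally remove any file. It does not say who triggers the removal or through which path, which is what a reader needs to judge exposure. If the referenced Launchpad bug shows that an unprivileged user can cause the root-owned process to delete files, say so, e.g. `whoopsie-daisy before 0.1.26 allows a local user to cause arbitrary files to be removed as root.` Treat that wording as a template to confirm against the bug, not as a verified statement.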


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1316",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IronPort Web Security Appliance",
"version": {
"version_data": [
{
"version_value": "through at least 2012-04-11"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/52981",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52981"
},
{
"refsource": "MISC",
"name": "https://www.secureworks.com/research/transitive-trust",
"url": "https://www.secureworks.com/research/transitive-trust"
}
]
}
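Review bot: `"version_value": "through at least 2012-04-11"` in the affects block is a date, not a product version, so a consumer matching on version cannot tell which IronPort Web Security Appliance releases are affected. The date belongs in the description, which currently gives no version at all. The problemtype `Security Bypass` is generic, while the description names the actual weakness; `"value": "Improper Check for Certificate Revocation"` would be more useful for triage. The CVE-2012-1326 section that follows uses the same `Security Bypass` label for a missing basic-constraints check and would benefit from the same treatment.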


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1326",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IronPort Web Security Appliance",
"version": {
"version_data": [
{
"version_value": "<= 7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/52981",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52981"
},
{
"refsource": "CONFIRM",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326"
}
]
}


@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1562",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Joomla!",
"product": {
"product_data": [
{
"product_name": "Joomla! core",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "and all 1.7.x and 1.6.x versions"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +43,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joomla! core before 2.5.3 allows unauthorized password change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"refsource": "MISC",
"name": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html",
"url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html"
}
]
}
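Review bot: The last `version_data` entry, `"version_value": "and all 1.7.x and 1.6.x versions"`, is a sentence fragment rather than a version. It should be split into separate entries such as `"version_value": "1.7.x"` and `"version_value": "1.6.x"`. The CVE-2012-1563 section below has the same fragment (`and all 1.7.x and 1.6.x releases`). The developer.joomla.org link is the project's own advisory, so `"refsource": "CONFIRM"` would describe it better than `MISC`.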


@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1563",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Joomla!",
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "and all 1.7.x and 1.6.x releases"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +43,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joomla! before 2.5.3 allows Admin Account Creation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Admin Account Creation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"url": "https://www.exploit-db.com/exploits/41156/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/41156/"
},
{
"refsource": "MISC",
"name": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html",
"url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html"
}
]
}
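Review bot: The description `Joomla! before 2.5.3 allows Admin Account Creation.` and the problemtype `Admin Account Creation` say the same thing, and neither states who can create the account or under what precondition. The project advisory URL in the references ends in `core-privilege-escalation`, which suggests a problemtype along the lines of `"value": "privilege escalation"` and a description that names the attacker; both should be confirmed against that advisory.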


@ -71,6 +71,11 @@
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -86,6 +86,11 @@
"name": "http://svn.apache.org/viewvc?view=revision&revision=1337150",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1337150"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}
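Review bot: The added MLIST reference is a website-regeneration commit mail whose subject names `CVE-2019-12423.txt.asc` and `CVE-2019-17573.txt.asc`, not an advisory for the record being patched. This hunk starts at line 86, so the record's own ID is not visible here. The mail was presumably picked up because the regenerated `security-advisories.html` lists every CXF CVE. The same entry is appended in many of the following file sections of this commit. A reference that says nothing about the specific CVE adds noise for anyone triaging from the reference list, so consider keeping it only on the two records named in its subject.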


@ -141,6 +141,11 @@
"name": "RHSA-2013:0194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -126,6 +126,11 @@
"name": "RHSA-2013:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -126,6 +126,11 @@
"name": "RHSA-2013:0874",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0874.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -151,6 +151,11 @@
"name": "RHSA-2013:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -96,6 +96,11 @@
"name": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -81,6 +81,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=929197",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=929197"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -96,6 +96,11 @@
"name": "RHSA-2014:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -91,6 +91,11 @@
"name": "RHSA-2014:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -76,6 +76,11 @@
"name": "RHSA-2014:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -76,6 +76,11 @@
"name": "RHSA-2014:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -81,6 +81,11 @@
"name": "67676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67676"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -1341,6 +1341,11 @@
"name": "HPSBPI03107",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143558137709884&w=2"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -231,6 +231,16 @@
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -76,6 +76,11 @@
"name": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784."
"value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784."
}
]
},
@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url": "https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -96,6 +96,11 @@
"name": "apache-cxf-cve20143623-sec-bypass(97754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6448",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695"
}
]
}
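Review bot: The `affects` block is filled with `n/a` for vendor, product and version although the new description names all three (`Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3`), so the record cannot be matched by product. Populate it from the description, e.g. `"vendor_name": "Juniper"`, `"product_name": "Junos OS"` and one `version_value` per affected range. The problemtype is likewise `n/a`, where the description says local users bypass intended restrictions and execute arbitrary Python code. The CVE-2015-5071 section further down has the same `n/a` placeholders next to a description that names BMC Remedy AR System Server.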


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1809",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CloudBees",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
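Review bot: The problemtype is `"value": "Other"` even though the description opens with `XML external entity (XXE) vulnerability`. `"value": "XML External Entity (XXE)"` would make the record searchable by weakness, and the same applies to the CVE-2015-1811 section below. The jenkins.io advisory is tagged `"refsource": "MISC"` here but `"refsource": "CONFIRM"` for the identical URL in CVE-2015-1811; the two should agree, and `CONFIRM` fits a project advisory.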


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1811",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CloudBees",
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"refsource": "CONFIRM",
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1850",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1850",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none."
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1869",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/17/5",
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca",
"url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f",
"url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f"
}
]
}
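Review bot: `"version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f"` uses a git commit hash as the version boundary. Hashes have no ordering, so neither a person nor a scanner can tell whether an installed ABRT release is affected without walking the repository history. A release number, as the CVE-2015-3147 section uses (`before 2.6.0`), would be directly usable, and the hash is already listed under references. The CVE-2015-3150, CVE-2015-3151 and CVE-2015-3159 sections use the same commit-hash form.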


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3147",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Following"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 2.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/17/5",
"url": "http://www.openwall.com/lists/oss-security/2015/04/17/5"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/pull/955",
"url": "https://github.com/abrt/abrt/pull/955"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1083.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091",
"url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091"
}
]
}
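Review bot: The Red Hat erratum is added as `"refsource": "MISC"` with the URL as its name. Other records in this commit tag rhn.redhat.com errata as `"refsource": "REDHAT"` with the advisory ID as the name (for example `RHSA-2013:0726`). For consistency this entry would read `"refsource": "REDHAT"`, `"name": "RHSA-2015:1083"`.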


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3150",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 1951e7282043dfe1268d492aea056b554baedb75"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8",
"url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1",
"url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7",
"url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7"
},
{
"refsource": "MISC",
"name": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75",
"url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75"
}
]
}
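Review bot: The version boundary `before 1951e7282043dfe1268d492aea056b554baedb75` is, per the last reference, a commit in `abrt/libreport`, yet it is recorded under `"product_name": "ABRT"`. The three `abrt/abrt` commits listed above it are not reflected in `affects` at all. Either add libreport as a second product or state the boundary in terms of ABRT itself. All four commit links are tagged `MISC`, whereas the neighbouring ABRT records tag upstream fix commits as `CONFIRM`. The problemtype `Other` could instead name what the description points at, e.g. improper validation of the problem directory argument.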


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3151",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932",
"url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b",
"url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364",
"url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277",
"url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3",
"url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3"
}
]
}
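Review bot: The problemtype `Directory Traversal (Local File Inclusion)` mixes two different weakness classes. The description is about path traversal that lets local users read, write to, or change ownership of arbitrary files, and nothing in it involves including a file for execution. `"value": "Directory Traversal"` alone matches the description. The Bugzilla reference uses the alias URL `show_bug.cgi?id=CVE-2015-3151`, where the other records in this commit link the numeric bug ID.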


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3159",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABRT",
"product": {
"product_data": [
{
"product_name": "ABRT",
"version": {
"version_data": [
{
"version_value": "before 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b",
"url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a",
"url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a"
}
]
}
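Review bot: The problemtype `"value": "Privilege"` looks truncated. Going by the description (`allows local users to gain privileges`), it was probably meant to be `"value": "Privilege Escalation"`. In the description, `help program` is presumably `helper program`.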


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4107",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-4107",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none."
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5071",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary files via the __report parameter of the BIRT viewer servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html",
"url": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html"
},
{
"refsource": "CONFIRM",
"name": "https://communities.bmc.com/docs/DOC-77816",
"url": "https://communities.bmc.com/docs/DOC-77816"
}
]
}
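Review bot: The `affects` block carries `n/a` for vendor, product and version even though the description added in the same section names BMC Remedy AR System Server and its AR System Mid Tier component before 9.0 SP1, so anything that matches on the structured fields rather than the free text will not tie this record to the product. The structured entries should repeat what the description already states, e.g. `"vendor_name": "BMC"`, `"product_name": "Remedy AR System Server"`, `"version_value": "before 9.0 SP1"`, and `problemtype` could name the weakness instead of `n/a`. The same pattern recurs in the sections for CVE-2015-5072, CVE-2015-5466, CVE-2015-5484, CVE-2015-5952, CVE-2015-6497, CVE-2015-6591, CVE-2015-7874 and CVE-2015-8549.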


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5072",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://communities.bmc.com/docs/DOC-77816",
"url": "https://communities.bmc.com/docs/DOC-77816"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html",
"url": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html"
}
]
}


@ -76,6 +76,11 @@
"name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=f65c961ea31e3c1851daba8e7e49fc37bbf77b19",
"refsource": "CONFIRM",
"url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=f65c961ea31e3c1851daba8e7e49fc37bbf77b19"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5230",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PowerDNS",
"product": {
"product_data": [
{
"product_name": "PowerDNS Authoritative Server",
"version": {
"version_data": [
{
"version_value": "3.4.x before 3.4.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3347",
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033475",
"url": "http://www.securitytracker.com/id/1033475"
}
]
}
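Review bot: The Debian and SecurityTracker references are tagged `"refsource": "MISC"` with the URL repeated as `name`, whereas other records in this commit use the source-specific form (`"name": "DSA-3889", "refsource": "DEBIAN"` and `"name": "1037633", "refsource": "SECTRACK"`), so tooling that filters references by `refsource` will not pick these up as distribution or tracker advisories. Going by the URLs, the entries would read `"refsource": "DEBIAN", "name": "DSA-3347"` and `"refsource": "SECTRACK", "name": "1033475"`. The `problemtype` value `Other` also says less than the description, which states a denial of service (crash); the same `Other` value appears in the CVE-2015-7556 and CVE-2016-6592 sections.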


@ -76,6 +76,11 @@
"name": "[oss-security] 20151114 New security advisory for Apache CXF",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/14/1"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5466",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Sep/2",
"url": "http://seclists.org/fulldisclosure/2015/Sep/2"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5484",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/",
"url": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jul/68",
"url": "http://seclists.org/fulldisclosure/2015/Jul/68"
},
{
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-plotly/changelog/",
"url": "https://wordpress.org/plugins/wp-plotly/changelog/"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5952",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Aug/24",
"url": "http://seclists.org/fulldisclosure/2015/Aug/24"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6497",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html",
"url": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html"
},
{
"refsource": "MISC",
"name": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html",
"url": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html"
},
{
"refsource": "MISC",
"name": "http://karmainsecurity.com/KIS-2015-04",
"url": "http://karmainsecurity.com/KIS-2015-04"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Sep/48",
"url": "http://seclists.org/fulldisclosure/2015/Sep/48"
},
{
"refsource": "MISC",
"name": "http://magento.com/security/patches/supee-6482",
"url": "http://magento.com/security/patches/supee-6482"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6591",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html",
"url": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7556",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "National Institute of Advanced Industrial Science and Technology",
"product": {
"product_data": [
{
"product_name": "DeleGate",
"version": {
"version_data": [
{
"version_value": "9.9.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.vapidlabs.com/advisory.php?v=159",
"url": "http://www.vapidlabs.com/advisory.php?v=159"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Dec/123",
"url": "http://seclists.org/fulldisclosure/2015/Dec/123"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7874",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39119/",
"url": "https://www.exploit-db.com/exploits/39119/"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8549",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ocert.org/advisories/ocert-2015-011.html",
"url": "http://www.ocert.org/advisories/ocert-2015-011.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://github.com/hydralabs/pyamf/pull/58",
"url": "https://github.com/hydralabs/pyamf/pull/58"
},
{
"refsource": "MISC",
"name": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0",
"url": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0"
}
]
}


@ -191,6 +191,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-08",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -146,6 +146,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -1,86 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-1000022",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "negotiator before 0.6.1 is vulnerable to a regular expression DoS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json",
"url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1000022",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1000022"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022"
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:1605",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2016:1605"
},
{
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/106",
"url": "https://www.npmjs.com/advisories/106"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -136,6 +136,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -101,6 +101,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3023",
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0132",
"url": "https://access.redhat.com/errata/RHSA-2020:0132"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0133",
"url": "https://access.redhat.com/errata/RHSA-2020:0133"
}
]
}


@ -146,6 +146,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -141,6 +141,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -411,6 +411,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2859",
"url": "https://access.redhat.com/errata/RHSA-2019:2859"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -121,6 +121,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -76,6 +76,11 @@
"name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6",
"refsource": "CONFIRM",
"url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -106,6 +106,11 @@
"name": "RHSA-2018:3768",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization",
"url": "http://www.openwall.com/lists/oss-security/2020/01/16/1"
}
]
}


@ -106,6 +106,11 @@
"name": "1037633",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037633"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -196,6 +196,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-6592",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Download Manager",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/94695",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/94695"
},
{
"url": "http://www.securityfocus.com/bid/95444",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/95444"
},
{
"url": "http://www.securitytracker.com/id/1037622",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037622"
},
{
"url": "http://www.securitytracker.com/id/1037623",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037623"
},
{
"url": "http://www.securitytracker.com/id/1037624",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037624"
},
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.SYMSA1394.html",
"url": "https://support.symantec.com/us/en/article.SYMSA1394.html"
}
]
}
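Review bot: `affects` gives `"version_value": "2016"` for Norton Download Manager, while the description added in the same section says the affected versions are those prior to 5.6; the two should agree, because a consumer matching on the structured field gets a different affected range from the one the text states. If the description is the authoritative statement, the entry would read `"version_value": "prior to 5.6"`. The SecurityFocus and SecurityTracker links are also tagged `MISC` with the URL as `name`, where other records on this page use `BID` and `SECTRACK` with the numeric id.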


@ -80,6 +80,11 @@
"name": "97582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97582"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -117,6 +117,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -181,6 +181,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -75,6 +75,11 @@
"name": "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -67,6 +67,11 @@
"name": "DSA-3889",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3889"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -90,6 +90,11 @@
"name": "http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -77,6 +77,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -70,6 +70,11 @@
"name": "[cxf-user] 20171130 Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631",
"refsource": "MLIST",
"url": "http://cxf.547215.n5.nabble.com/Apache-CXF-Fediz-1-4-3-and-1-3-3-released-with-a-new-security-advisory-CVE-2017-12631-td5785868.html"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}


@ -76,6 +76,11 @@
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -77,6 +77,11 @@
"name": "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -86,6 +86,11 @@
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}


@ -56,6 +56,11 @@
"name": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html"
}
]
}


@ -70,6 +70,11 @@
"name": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
},
{
"refsource": "MLIST",
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
}
]
}

91
2017/3xxx/CVE-2017-3211.json Normal file → Executable file

@ -1,9 +1,42 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2017-05-17T00:00:00.000Z",
"ID": "CVE-2017-3211",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Centire Yopify leaks customer information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yopify",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2017-04-06",
"version_value": "2017-04-06"
}
]
}
}
]
},
"vendor_name": "Centire"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Oliver Keyes, a Rapid7, Inc. senior data scientist."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +44,60 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Yopify works by having the e-commerce site load a JavaScript widget from the Yopify servers, which contains both the code to generate the UI element and the data used to populate it, stored as JSON. This widget does not require any authorization beyond a site-specific API key, which is embedded in the e-commerce site's source code, and is easily extractable with a regular expression.\n\nThe result is that by scraping a customer site to grab the API key and then simply running something like:\ncurl 'https://yopify.com/api/yo/js/yo/3edb675e08e9c7fe22d243e44d184cdf/events.js?t=1490157080'\n\nwhere 3edb675e08e9c7fe22d243e44d184cdf is the site ID and t is a cache buster, someone can remotely grab the data pertaining to the last 50 customers. This is updated as purchases are made. Thus an attacker can poll every few hours for a few days/weeks/months and build up a database of an e-commerce site's customer set and associated purchasers.\n\nThe data exposed to this polling was, however, far more extensive than the data displayed. While the pop-up only provides first name and last initial, the JSON blob originally contained first and last names in their entirety, along with city-level geolocation. While the casual online customer wouldn't have seen that, a malicious technical user could have trivially gained enough information to potentially target specific users of specific niche e-commerce sites.\n\n\n\n\n\n \n"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/"
}
]
},
"source": {
"defect": [
"R7-2017-05"
],
"discovery": "EXTERNAL"
}
}
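Review bot: The `impact.cvss` block scores this record with `"privilegesRequired": "LOW"` and `"attackComplexity": "HIGH"`, which does not match the record's own description ("all without user authorization") or the `exploit` text, where the only credential is a site key embedded in the storefront's public page source. If unauthenticated access is what the CNA means, the fields would read `"privilegesRequired": "NONE"` and `"attackComplexity": "LOW"`, with `vectorString` and `baseScore` recomputed in the same change (that vector works out to 7.5 under CVSS 3.1, so consumers that triage on severity would currently under-rank it); if 5.3 is intentional, the description should say which privilege is assumed. Separately, the file header shows the mode going from normal to executable, which a JSON data record does not need and which is worth reverting to 0644. The `exploit` value also ends in a run of `\n` escapes and a stray space that can be trimmed.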


@ -81,6 +81,11 @@
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/"
}
]
}

Some files were not shown because too many files have changed in this diff Show More