admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into cna/Oracle/CPU2020Jan3rdPartyCVEs

Browse Source
This commit is contained in:
bsitu 2020-01-15 11:00:49 -08:00 committed by GitHub
commit 94c510653f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
416 changed files with 27203 additions and 11214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2005/4xxx/CVE-2005-4891.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-4891",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Simple Machine Forum",
"product": {
"product_data": [
{
"product_name": "Simple Machine Forum",
"version": {
"version_data": [
{
"version_value": "1.0.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/11/14/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/11/14/10"
},
{
"refsource": "MISC",
"name": "https://securiteam.com/exploits/5HP0N0KG0O/",
"url": "https://securiteam.com/exploits/5HP0N0KG0O/"
}
]
}

63
2007/4xxx/CVE-2007-4773.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4773",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Systrace before 1.6.0 has insufficient escape policy enforcement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.citi.umich.edu/u/provos/systrace/",
"refsource": "MISC",
"name": "http://www.citi.umich.edu/u/provos/systrace/"
},
{
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.html",
"url": "http://taviso.decsystem.org/research.html"
},
{
"url": "http://taviso.decsystem.org/research.t2t",
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.t2t"
},
{
"refsource": "MISC",
"name": "https://www.provos.org/index.php?/archives/2007/12/C2.html",
"url": "https://www.provos.org/index.php?/archives/2007/12/C2.html"
}
]
}

53
2007/4xxx/CVE-2007-4774.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4774",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.html",
"url": "http://taviso.decsystem.org/research.html"
},
{
"url": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60",
"refsource": "MISC",
"name": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60"
}
]
}

55
2009/1xxx/CVE-2009-1120.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2009-1120",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RepliStor",
"version": {
"version_data": [
{
"version_value": "before ESA-09-003"
}
]
}
}
]
},
"vendor_name": "EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/",
"refsource": "MISC",
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/"
},
{
"refsource": "MISC",
"name": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution",
"url": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution"
}
]
}

55
2011/4xxx/CVE-2011-4336.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4336",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tiki",
"product": {
"product_data": [
{
"product_name": "Wiki CMS Groupware",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/bugtraq/2011/Nov/140",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2011/Nov/140"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/48806/info",
"url": "https://www.securityfocus.com/bid/48806/info"
}
]
}

55
2011/4xxx/CVE-2011-4907.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4907",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Joomla!",
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "1.5x through 1.5.12"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2011/12/25/7",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/12/25/7"
},
{
"refsource": "MISC",
"name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html",
"url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html"
}
]
}

55
2012/0xxx/CVE-2012-0070.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0070",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "spamdyke",
"product": {
"product_data": [
{
"product_name": "spamdyke",
"version": {
"version_data": [
{
"version_value": "prior to 4.2.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/01/20/7"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070"
}
]
}

55
2012/0xxx/CVE-2012-0334.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-0334",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IronPort Web Security Appliance AsyncOS",
"version": {
"version_data": [
{
"version_value": "prior to 7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/52981",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52981"
},
{
"refsource": "CONFIRM",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334"
}
]
}

50
2012/0xxx/CVE-2012-0945.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2012-0945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "whoopsie-daisy",
"product": {
"product_data": [
{
"product_name": "whoopsie-daisy",
"version": {
"version_data": [
{
"version_value": "< 0.1.26"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "whoopsie-daisy before 0.1.26: Root user can remove arbitrary files"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687"
}
]
}

55
2012/1xxx/CVE-2012-1316.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1316",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IronPort Web Security Appliance",
"version": {
"version_data": [
{
"version_value": "through at least 2012-04-11"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/52981",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52981"
},
{
"refsource": "MISC",
"name": "https://www.secureworks.com/research/transitive-trust",
"url": "https://www.secureworks.com/research/transitive-trust"
}
]
}

55
2012/1xxx/CVE-2012-1326.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1326",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IronPort Web Security Appliance",
"version": {
"version_data": [
{
"version_value": "<= 7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/52981",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52981"
},
{
"refsource": "CONFIRM",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326"
}
]
}

64
2012/1xxx/CVE-2012-1562.json
View File

@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1562",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Joomla!",
"product": {
"product_data": [
{
"product_name": "Joomla! core",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "and all 1.7.x and 1.6.x versions"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +43,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joomla! core before 2.5.3 allows unauthorized password change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication error"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"refsource": "MISC",
"name": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html",
"url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html"
}
]
}

69
2012/1xxx/CVE-2012-1563.json
View File

@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1563",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Joomla!",
"product": {
"product_data": [
{
"product_name": "Joomla!",
"version": {
"version_data": [
{
"version_value": "2.5.2"
},
{
"version_value": "2.5.1"
},
{
"version_value": "2.5.0"
},
{
"version_value": "and all 1.7.x and 1.6.x releases"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +43,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joomla! before 2.5.3 allows Admin Account Creation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Admin Account Creation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/19/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/19/11"
},
{
"url": "https://www.exploit-db.com/exploits/41156/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/41156/"
},
{
"refsource": "MISC",
"name": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html",
"url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html"
}
]
}

5
2012/1xxx/CVE-2012-1695.json
View File

@ -71,6 +71,11 @@
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}

48
2014/6xxx/CVE-2014-6448.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6448",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695"
}
]
}

14
2015/1xxx/CVE-2015-1850.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1850",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1850",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none."
}
]
}

53
2015/5xxx/CVE-2015-5071.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5071",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary files via the __report parameter of the BIRT viewer servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html",
"url": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html"
},
{
"refsource": "CONFIRM",
"name": "https://communities.bmc.com/docs/DOC-77816",
"url": "https://communities.bmc.com/docs/DOC-77816"
}
]
}

53
2015/5xxx/CVE-2015-5072.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5072",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://communities.bmc.com/docs/DOC-77816",
"url": "https://communities.bmc.com/docs/DOC-77816"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html",
"url": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html"
}
]
}

60
2015/5xxx/CVE-2015-5230.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5230",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PowerDNS",
"product": {
"product_data": [
{
"product_name": "PowerDNS Authoritative Server",
"version": {
"version_data": [
{
"version_value": "3.4.x before 3.4.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3347",
"url": "http://www.debian.org/security/2015/dsa-3347"
},
{
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1033475",
"url": "http://www.securitytracker.com/id/1033475"
}
]
}

63
2015/5xxx/CVE-2015-5466.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5466",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Sep/2",
"url": "http://seclists.org/fulldisclosure/2015/Sep/2"
}
]
}

58
2015/5xxx/CVE-2015-5484.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5484",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/",
"url": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Jul/68",
"url": "http://seclists.org/fulldisclosure/2015/Jul/68"
},
{
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-plotly/changelog/",
"url": "https://wordpress.org/plugins/wp-plotly/changelog/"
}
]
}

48
2015/5xxx/CVE-2015-5952.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5952",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Aug/24",
"url": "http://seclists.org/fulldisclosure/2015/Aug/24"
}
]
}

68
2015/6xxx/CVE-2015-6497.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6497",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html",
"url": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html"
},
{
"refsource": "MISC",
"name": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html",
"url": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html"
},
{
"refsource": "MISC",
"name": "http://karmainsecurity.com/KIS-2015-04",
"url": "http://karmainsecurity.com/KIS-2015-04"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Sep/48",
"url": "http://seclists.org/fulldisclosure/2015/Sep/48"
},
{
"refsource": "MISC",
"name": "http://magento.com/security/patches/supee-6482",
"url": "http://magento.com/security/patches/supee-6482"
}
]
}

55
2015/7xxx/CVE-2015-7556.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7556",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "National Institute of Advanced Industrial Science and Technology",
"product": {
"product_data": [
{
"product_name": "DeleGate",
"version": {
"version_data": [
{
"version_value": "9.9.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.vapidlabs.com/advisory.php?v=159",
"url": "http://www.vapidlabs.com/advisory.php?v=159"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2015/Dec/123",
"url": "http://seclists.org/fulldisclosure/2015/Dec/123"
}
]
}

48
2015/7xxx/CVE-2015-7874.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7874",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/39119/",
"url": "https://www.exploit-db.com/exploits/39119/"
}
]
}

63
2015/8xxx/CVE-2015-8549.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8549",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ocert.org/advisories/ocert-2015-011.html",
"url": "http://www.ocert.org/advisories/ocert-2015-011.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded",
"url": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://github.com/hydralabs/pyamf/pull/58",
"url": "https://github.com/hydralabs/pyamf/pull/58"
},
{
"refsource": "MISC",
"name": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0",
"url": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0"
}
]
}

91
2017/3xxx/CVE-2017-3211.json Normal file → Executable file
View File

@ -1,9 +1,42 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2017-05-17T00:00:00.000Z",
"ID": "CVE-2017-3211",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Centire Yopify leaks customer information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Yopify",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2017-04-06",
"version_value": "2017-04-06"
}
]
}
}
]
},
"vendor_name": "Centire"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Oliver Keyes, a Rapid7, Inc. senior data scientist."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +44,60 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Yopify works by having the e-commerce site load a JavaScript widget from the Yopify servers, which contains both the code to generate the UI element and the data used to populate it, stored as JSON. This widget does not require any authorization beyond a site-specific API key, which is embedded in the e-commerce site's source code, and is easily extractable with a regular expression.\n\nThe result is that by scraping a customer site to grab the API key and then simply running something like:\ncurl 'https://yopify.com/api/yo/js/yo/3edb675e08e9c7fe22d243e44d184cdf/events.js?t=1490157080'\n\nwhere 3edb675e08e9c7fe22d243e44d184cdf is the site ID and t is a cache buster, someone can remotely grab the data pertaining to the last 50 customers. This is updated as purchases are made. Thus an attacker can poll every few hours for a few days/weeks/months and build up a database of an e-commerce site's customer set and associated purchasers.\n\nThe data exposed to this polling was, however, far more extensive than the data displayed. While the pop-up only provides first name and last initial, the JSON blob originally contained first and last names in their entirety, along with city-level geolocation. While the casual online customer wouldn't have seen that, a malicious technical user could have trivially gained enough information to potentially target specific users of specific niche e-commerce sites.\n\n\n\n\n\n \n"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/"
}
]
},
"source": {
"defect": [
"R7-2017-05"
],
"discovery": "EXTERNAL"
}
}

5
2017/5xxx/CVE-2017-5030.json
View File

@ -81,6 +81,11 @@
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/"
}
]
}

5
2017/5xxx/CVE-2017-5645.json
View File

@ -313,6 +313,11 @@
"name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2018/10xxx/CVE-2018-10536.json
View File

@ -96,6 +96,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/10xxx/CVE-2018-10537.json
View File

@ -96,6 +96,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/10xxx/CVE-2018-10538.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/10xxx/CVE-2018-10539.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/10xxx/CVE-2018-10540.json
View File

@ -86,6 +86,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/11xxx/CVE-2018-11805.json
View File

@ -118,6 +118,11 @@
"refsource": "UBUNTU",
"name": "USN-4237-1",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4237-2",
"url": "https://usn.ubuntu.com/4237-2/"
}
]
},

14
2018/12xxx/CVE-2018-12417.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12417",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-12417",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

14
2018/18xxx/CVE-2018-18811.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18811",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-18811",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}

5
2018/19xxx/CVE-2018-19840.json
View File

@ -101,6 +101,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/19xxx/CVE-2018-19841.json
View File

@ -101,6 +101,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2018/5xxx/CVE-2018-5391.json
View File

@ -225,6 +225,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp;utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp;utm_medium=RSS"
},
{
"refsource": "CONFIRM",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en"
}
]
},

5
2019/0xxx/CVE-2019-0639.json
View File

@ -84,6 +84,11 @@
"refsource": "CONFIRM",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/"
}
]
}

5
2019/1010xxx/CVE-2019-1010315.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2019/1010xxx/CVE-2019-1010317.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2019/1010xxx/CVE-2019-1010319.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2019/11xxx/CVE-2019-11045.json
View File

@ -115,6 +115,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-a54a622670",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"refsource": "UBUNTU",
"name": "USN-4239-1",
"url": "https://usn.ubuntu.com/4239-1/"
}
]
},

5
2019/11xxx/CVE-2019-11046.json
View File

@ -120,6 +120,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&amp;utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&amp;utm_medium=RSS"
},
{
"refsource": "UBUNTU",
"name": "USN-4239-1",
"url": "https://usn.ubuntu.com/4239-1/"
}
]
},

5
2019/11xxx/CVE-2019-11047.json
View File

@ -115,6 +115,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-a54a622670",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"refsource": "UBUNTU",
"name": "USN-4239-1",
"url": "https://usn.ubuntu.com/4239-1/"
}
]
},

5
2019/11xxx/CVE-2019-11050.json
View File

@ -115,6 +115,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-a54a622670",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"refsource": "UBUNTU",
"name": "USN-4239-1",
"url": "https://usn.ubuntu.com/4239-1/"
}
]
},

5
2019/11xxx/CVE-2019-11281.json
View File

@ -87,6 +87,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-74d2feb5be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2020:0078",
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
}
]
},

5
2019/11xxx/CVE-2019-11287.json
View File

@ -100,6 +100,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0078",
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin"
}
]
},

5
2019/11xxx/CVE-2019-11498.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-e55567b6be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-73274c9df4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/"
}
]
}

5
2019/12xxx/CVE-2019-12420.json
View File

@ -98,6 +98,11 @@
"refsource": "UBUNTU",
"name": "USN-4237-1",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4237-2",
"url": "https://usn.ubuntu.com/4237-2/"
}
]
},

5
2019/14xxx/CVE-2019-14835.json
View File

@ -238,6 +238,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
}
]
},

62
2019/16xxx/CVE-2019-16466.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
},
"product_name": "Adobe Experience Manager"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16466",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/16xxx/CVE-2019-16467.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
},
"product_name": "Adobe Experience Manager"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16467",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/16xxx/CVE-2019-16468.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
},
"product_name": "Adobe Experience Manager"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface Injection"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16468",
"ASSIGNER": "psirt@adobe.com"
}
}

62
2019/16xxx/CVE-2019-16469.json Normal file
View File

@ -0,0 +1,62 @@
{
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
},
"product_name": "Adobe Experience Manager"
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Expression Language injection"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html",
"refsource": "CONFIRM",
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2019-16469",
"ASSIGNER": "psirt@adobe.com"
}
}

5
2019/16xxx/CVE-2019-16775.json
View File

@ -82,6 +82,11 @@
"refsource": "MISC",
"url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0059",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2019/16xxx/CVE-2019-16776.json
View File

@ -82,6 +82,11 @@
"refsource": "CONFIRM",
"url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0059",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2019/16xxx/CVE-2019-16777.json
View File

@ -82,6 +82,11 @@
"refsource": "CONFIRM",
"url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0059",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

10
2019/16xxx/CVE-2019-16943.json
View File

@ -118,6 +118,16 @@
"name":"[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
"url":"https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)",
"url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
"url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2019/17xxx/CVE-2019-17015.json
View File

@ -78,6 +78,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html",
"url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
}
]
},

5
2019/17xxx/CVE-2019-17016.json
View File

@ -113,6 +113,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0111",
"url": "https://access.redhat.com/errata/RHSA-2020:0111"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
}
]
},

5
2019/17xxx/CVE-2019-17017.json
View File

@ -113,6 +113,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0111",
"url": "https://access.redhat.com/errata/RHSA-2020:0111"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
}
]
},

5
2019/17xxx/CVE-2019-17021.json
View File

@ -78,6 +78,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html",
"url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
}
]
},

5
2019/17xxx/CVE-2019-17022.json
View File

@ -113,6 +113,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0111",
"url": "https://access.redhat.com/errata/RHSA-2020:0111"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
}
]
},

5
2019/17xxx/CVE-2019-17024.json
View File

@ -113,6 +113,11 @@
"refsource": "REDHAT",
"name": "RHSA-2020:0111",
"url": "https://access.redhat.com/errata/RHSA-2020:0111"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0060",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html"
}
]
},

18
2019/17xxx/CVE-2019-17149.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17149",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

18
2019/17xxx/CVE-2019-17150.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17150",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

5
2019/17xxx/CVE-2019-17267.json
View File

@ -93,6 +93,11 @@
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
"url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2019/17xxx/CVE-2019-17531.json
View File

@ -83,6 +83,11 @@
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
"url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2019/17xxx/CVE-2019-17571.json
View File

@ -193,6 +193,11 @@
"refsource": "MLIST",
"name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]",
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E"
}
]
},

5
2019/18xxx/CVE-2019-18218.json
View File

@ -96,6 +96,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-18036b898e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200115-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200115-0001/"
}
]
}

5
2019/18xxx/CVE-2019-18388.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0058",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"
}
]
}

5
2019/18xxx/CVE-2019-18389.json
View File

@ -71,6 +71,11 @@
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2019-18389"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0058",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"
}
]
}

5
2019/18xxx/CVE-2019-18390.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0058",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"
}
]
}

5
2019/18xxx/CVE-2019-18391.json
View File

@ -71,6 +71,11 @@
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2019-18391"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0058",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"
}
]
}

18
2019/18xxx/CVE-2019-18412.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18412",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

5
2019/18xxx/CVE-2019-18466.json
View File

@ -71,6 +71,11 @@
"url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0",
"refsource": "MISC",
"name": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4269",
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
}
]
}

5
2019/18xxx/CVE-2019-18675.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429"
}
]
}

5
2019/19xxx/CVE-2019-19950.json
View File

@ -61,6 +61,11 @@
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
"refsource": "MISC",
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0055",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
}
]
}

5
2019/19xxx/CVE-2019-19951.json
View File

@ -61,6 +61,11 @@
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
"refsource": "MISC",
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0055",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
}
]
}

5
2019/19xxx/CVE-2019-19953.json
View File

@ -61,6 +61,11 @@
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
"refsource": "MISC",
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0055",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
}
]
}

5
2019/1xxx/CVE-2019-1332.json
View File

@ -76,6 +76,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services"
}
]
}

25
2019/20xxx/CVE-2019-20330.json
View File

@ -61,6 +61,31 @@
"url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2",
"refsource": "MISC",
"name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
"url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1",
"url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
"url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)",
"url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)",
"url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E"
}
]
}

50
2019/2xxx/CVE-2019-2224.json
View File

@ -4,58 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-2224",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2019-12-01",
"url": "https://source.android.com/security/bulletin/2019-12-01"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15140. Reason: This candidate is a duplicate of CVE-2019-15140. Notes: All CVE users should reference CVE-2019-15140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

9
2019/2xxx/CVE-2019-2725.json
View File

@ -11,11 +11,11 @@
"product": {
"product_data": [
{
"product_name": "Tape Virtual VSM GUI - Virtual Storage Manager GUI",
"product_name": "Tape Library ACSLS",
"version": {
"version_data": [
{
"version_value": "6.2",
"version_value": "8.5",
"version_affected": "="
}
]
@ -82,6 +82,11 @@
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}

9
2019/2xxx/CVE-2019-2729.json
View File

@ -11,11 +11,11 @@
"product": {
"product_data": [
{
"product_name": "Tape General STA - StorageTek Tape Analytics SW Tool",
"product_name": "Tape Library ACSLS",
"version": {
"version_data": [
{
"version_value": "2.3.0",
"version_value": "8.5",
"version_affected": "="
}
]
@ -67,6 +67,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}

21
2019/2xxx/CVE-2019-2904.json
View File

@ -9,6 +9,22 @@
"vendor":{
"vendor_data":[
{
"product":{
"product_data":[
{
"product_name": "Retail Sales Audit",
"version": {
"version_data": [
{
"version_value": "15.0.3. 16.0.2",
"version_affected": "="
}
]
}
}
]
},
"vendor_name":"Oracle Corporation",
"product":{
"product_data":[
{
@ -72,6 +88,11 @@
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}

5
2019/5xxx/CVE-2019-5094.json
View File

@ -73,6 +73,11 @@
"refsource": "UBUNTU",
"name": "USN-4142-1",
"url": "https://usn.ubuntu.com/4142-1/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200115-0002/",
"url": "https://security.netapp.com/advisory/ntap-20200115-0002/"
}
]
},

5
2019/5xxx/CVE-2019-5108.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e",
"url": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e"
}
]
},

5
2019/5xxx/CVE-2019-5489.json
View File

@ -196,6 +196,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:4255",
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"refsource": "CONFIRM",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
]
}

102
2019/9xxx/CVE-2019-9493.json
View File

@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
"ID": "CVE-2019-9493",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "MyCar Controls uses hard-coded credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MyCar Controls",
"version": {
"version_data": [
{
"platform": "iOS",
"version_affected": "<",
"version_value": "3.4.24"
},
{
"platform": "Android",
"version_affected": "<",
"version_value": "4.1.2"
}
]
}
}
]
},
"vendor_name": "AutoMobility Distribution Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +43,72 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#174715",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/174715/"
},
{
"name": "https://www.securityfocus.com/bid/107827",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/107827"
},
{
"name": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control"
},
{
"name": "https://mycarcontrols.com/",
"refsource": "MISC",
"url": "https://mycarcontrols.com/"
},
{
"name": "https://itunes.apple.com/us/app/mycar-controls/id1126511815",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815"
}
]
},
"source": {
"advisory": "VU#174715",
"discovery": "EXTERNAL"
}
}

116
2019/9xxx/CVE-2019-9510.json Normal file → Executable file
View File

@ -1,9 +1,54 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-06-04T00:00:00.000Z",
"ID": "CVE-2019-9510",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Microsoft Windows RDP can bypass the Windows lock screen"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 or newer system using RDP",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "10 ",
"version_value": "1803"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "2019",
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -11,8 +56,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#576688",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/576688/"
},
{
"name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)",
"refsource": "MISC",
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)"
},
{
"name":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389",
"refsource": "MISC",
"url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
},
{
"name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect",
"refsource": "MISC",
"url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
}
]
},
"source": {
"advisory": "VU#576688",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
}
]
}

6
2020/0xxx/CVE-2020-0601.json
View File

@ -172,7 +172,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka \u0027Windows CryptoAPI Spoofing Vulnerability\u0027."
"value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'."
}
]
},
@ -191,7 +191,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601"
}
]
}

6
2020/0xxx/CVE-2020-0602.json
View File

@ -40,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'."
}
]
},
@ -59,7 +59,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
}
]
}

6
2020/0xxx/CVE-2020-0603.json
View File

@ -40,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
"value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'."
}
]
},
@ -59,7 +59,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
}
]
}

6
2020/0xxx/CVE-2020-0605.json
View File

@ -659,7 +659,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606."
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606."
}
]
},
@ -678,7 +678,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
}
]
}

6
2020/0xxx/CVE-2020-0606.json
View File

@ -652,7 +652,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605."
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605."
}
]
},
@ -671,7 +671,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
}
]
}

6
2020/0xxx/CVE-2020-0607.json
View File

@ -205,7 +205,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \u0027Microsoft Graphics Components Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'."
}
]
},
@ -224,7 +224,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607"
}
]
}

Some files were not shown because too many files have changed in this diff Show More