"-Synchronized-Data."

CVE Team 2020-02-07 15:01:12 +00:00
parent a1a0009545
commit 9b5f3257e6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
13 changed files with 768 additions and 23 deletions


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3591",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vTiger CRM",
"product": {
"product_data": [
{
"product_name": "vTiger CRM",
"version": {
"version_data": [
{
"version_value": "5.3"
},
{
"version_value": "5.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PHP Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"url": "http://www.securityfocus.com/bid/63454",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63454"
},
{
"url": "http://www.exploit-db.com/exploits/29319",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/29319"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3628",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zabbix",
"product": {
"product_data": [
{
"product_name": "Zabbix",
"version": {
"version_data": [
{
"version_value": "2.0.9"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"url": "http://www.securityfocus.com/bid/63453",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63453"
},
{
"url": "http://www.exploit-db.com/exploits/29321",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/29321"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3629",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ISPConfig",
"product": {
"product_data": [
{
"product_name": "ISPConfig",
"version": {
"version_data": [
{
"version_value": "3.0.5.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PHP Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"url": "http://www.securityfocus.com/bid/63455",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63455"
},
{
"url": "http://www.exploit-db.com/exploits/29322",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/29322"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3635",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ProjectPier 0.8.8 has stored XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html"
}
]
}
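Review bot: The new `affects` block sets `"vendor_name"`, `"product_name"` and `"version_value"` to `"n/a"` although the description added in the same change names ProjectPier 0.8.8, so any consumer that matches on the structured fields will not associate this record with the product. Filling them in, e.g. `"product_name": "ProjectPier"` and `"version_value": "0.8.8"`, would make the entry machine-matchable. The `problemtype` value is likewise left as `"n/a"`; for a stored XSS, `"value": "CWE-79"` would fit the description. The CVE-2013-3636 and CVE-2013-3637 sections have the same gap for the same product, and CVE-2014-9530 has it for nw.js before 0.11.3.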


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3636",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html"
},
{
"url": "http://www.securityfocus.com/bid/60739",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60739"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85609",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85609"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3637",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ProjectPier 0.8.8 does not use the Secure flag for cookies"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html"
}
]
}


@ -1,8 +1,49 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4335",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "opOpenSocialPlugin",
"product": {
"product_data": [
{
"product_name": "opOpenSocialPlugin",
"version": {
"version_data": [
{
"version_value": "0.8.2.1"
},
{
"version_value": "> 0.9.9.2"
},
{
"version_value": "0.9.13"
},
{
"version_value": "1.2.6 (Fixed: 0.8.2.2"
},
{
"version_value": "0.9.9.3"
},
{
"version_value": "0.9.13.1"
},
{
"version_value": "1.2.6.1)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +52,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
},
{
"url": "http://www.securityfocus.com/bid/62287",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62287"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
}
]
}
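Review bot: The `version_data` array lists fixed releases as affected versions: the entries `"1.2.6 (Fixed: 0.8.2.2"`, `"0.9.9.3"`, `"0.9.13.1"` and `"1.2.6.1)"` look like one free-text string that was split on commas. A consumer matching on `version_value` would flag 0.9.9.3 and 0.9.13.1 as vulnerable and would never match 1.2.6 exactly. The affected list should end with `"version_value": "1.2.6"`, with the three fixed-only entries dropped and the fixed versions mentioned in the description instead. The entry `"> 0.9.9.2"` also reads oddly given that 0.9.9.3 is named as a fix, so the intended range should be confirmed with the assigner.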


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9530",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md",
"url": "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md"
}
]
}


@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15604",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "10.19.0, 12.15.0, 13.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation (CWE-295)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/746733",
"url": "https://hackerone.com/reports/746733"
},
{
"refsource": "CONFIRM",
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate"
}
]
}
}
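Review bot: The single `"version_value": "10.19.0, 12.15.0, 13.8.0"` packs three versions into one string, and judging by the CONFIRM link to the v13.8.0 release post these appear to be the fixed releases rather than the affected ones. The description only says "Node.js 10, 12, and 13", so tooling that reads `version_value` would either match nothing or flag patched builds. If that reading is right, one entry per release line stating the range, e.g. `"version_value": "10.x before 10.19.0"`, would be unambiguous. `"vendor_name": "n/a"` and a repository URL as `product_name` also prevent product matching. The CVE-2019-15605 and CVE-2019-15606 sections repeat the same `affects` block.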


@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15605",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "10.19.0, 12.15.0, 13.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Request Smuggling (CWE-444)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/735748",
"url": "https://hackerone.com/reports/735748"
},
{
"refsource": "CONFIRM",
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed"
}
]
}
}


@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15606",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "10.19.0, 12.15.0, 13.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation (CWE-20)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/730779",
"url": "https://hackerone.com/reports/730779"
},
{
"refsource": "CONFIRM",
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons"
}
]
}
}


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-16155",
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiClientLinux",
"version": {
"version_data": [
{
"version_value": "FortiClientLinux 6.2.1 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/psirt/FG-IR-19-238",
"url": "https://fortiguard.com/psirt/FG-IR-19-238"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."
}
]
}
}
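Review bot: The structured range `"version_value": "FortiClientLinux 6.2.1 and below"` is narrower than the description, whose second sentence says the GUI-driven backup-file overwrite affects 6.2.2 and below. A host on 6.2.2 would therefore be reported as unaffected by anything keyed on `affects`. Either widen the entry to `"version_value": "6.2.2 and below"` or add a second `version_data` entry for the GUI path. Dropping the product name from the version string would also keep it parseable.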


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-8126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "EdgeSwitch",
"version": {
"version_data": [
{
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/197958",
"url": "https://hackerone.com/reports/197958"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15)."
}
]
}
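Review bot: The entry `"version_value": "1.7.0"` names one exact version while the description says the issue affects EdgeSwitch "prior to version 1.7.1", so earlier firmware would not be matched from the structured data. `"version_value": "prior to 1.7.1"` would agree with the description. The `problemtype` cites an attack pattern (CAPEC-233) rather than the weakness; the description of unsanitized CGI input leading to command execution suggests a CWE such as CWE-78 would be more useful to consumers, if the assigner confirms it. `"vendor_name": "n/a"` should carry the vendor as well.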