mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
a1a0009545
commit
9b5f3257e6
@ -1,8 +1,34 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2013-3591",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "vTiger CRM",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "vTiger CRM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "5.3"
|
||||
},
|
||||
{
|
||||
"version_value": "5.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +37,43 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PHP Code Execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
|
||||
"refsource": "MISC",
|
||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
|
||||
},
|
||||
{
|
||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
|
||||
"refsource": "MISC",
|
||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/63454",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/63454"
|
||||
},
|
||||
{
|
||||
"url": "http://www.exploit-db.com/exploits/29319",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.exploit-db.com/exploits/29319"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,8 +1,31 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2013-3628",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zabbix",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Zabbix",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.0.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,43 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Arbitrary Command Execution Vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
|
||||
"refsource": "MISC",
|
||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
|
||||
},
|
||||
{
|
||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
|
||||
"refsource": "MISC",
|
||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/63453",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/63453"
|
||||
},
|
||||
{
|
||||
"url": "http://www.exploit-db.com/exploits/29321",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.exploit-db.com/exploits/29321"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,8 +1,31 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2013-3629",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "ISPConfig",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ISPConfig",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "3.0.5.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,43 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PHP Code Execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
|
||||
"refsource": "MISC",
|
||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
|
||||
},
|
||||
{
|
||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
|
||||
"refsource": "MISC",
|
||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/63455",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/63455"
|
||||
},
|
||||
{
|
||||
"url": "http://www.exploit-db.com/exploits/29322",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.exploit-db.com/exploits/29322"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-3635",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,28 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "ProjectPier 0.8.8 has stored XSS"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-3636",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,38 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/60739",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/60739"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85609",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85609"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-3637",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,28 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "ProjectPier 0.8.8 does not use the Secure flag for cookies"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/122341/Project-Pier-0.8.8-XSS-Insecure-Cookies.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,8 +1,49 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-4335",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "opOpenSocialPlugin",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "opOpenSocialPlugin",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0.8.2.1"
|
||||
},
|
||||
{
|
||||
"version_value": "> 0.9.9.2"
|
||||
},
|
||||
{
|
||||
"version_value": "0.9.13"
|
||||
},
|
||||
{
|
||||
"version_value": "1.2.6 (Fixed: 0.8.2.2"
|
||||
},
|
||||
{
|
||||
"version_value": "0.9.9.3"
|
||||
},
|
||||
{
|
||||
"version_value": "0.9.13.1"
|
||||
},
|
||||
{
|
||||
"version_value": "1.2.6.1)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +52,38 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "XXE"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/62287",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.securityfocus.com/bid/62287"
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033",
|
||||
"refsource": "MISC",
|
||||
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2014-9530",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,7 +34,28 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md",
|
||||
"url": "https://github.com/nwjs/nw.js/blob/master/CHANGELOG.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
67
2019/15xxx/CVE-2019-15604.json
Normal file
67
2019/15xxx/CVE-2019-15604.json
Normal file
@ -0,0 +1,67 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-15604",
|
||||
"ASSIGNER": "support@hackerone.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "https://github.com/nodejs/node",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.19.0, 12.15.0, 13.8.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Certificate Validation (CWE-295)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://hackerone.com/reports/746733",
|
||||
"url": "https://hackerone.com/reports/746733"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
|
||||
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
67
2019/15xxx/CVE-2019-15605.json
Normal file
67
2019/15xxx/CVE-2019-15605.json
Normal file
@ -0,0 +1,67 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-15605",
|
||||
"ASSIGNER": "support@hackerone.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "https://github.com/nodejs/node",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.19.0, 12.15.0, 13.8.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "HTTP Request Smuggling (CWE-444)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://hackerone.com/reports/735748",
|
||||
"url": "https://hackerone.com/reports/735748"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
|
||||
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
67
2019/15xxx/CVE-2019-15606.json
Normal file
67
2019/15xxx/CVE-2019-15606.json
Normal file
@ -0,0 +1,67 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-15606",
|
||||
"ASSIGNER": "support@hackerone.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "https://github.com/nodejs/node",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.19.0, 12.15.0, 13.8.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Input Validation (CWE-20)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://hackerone.com/reports/730779",
|
||||
"url": "https://hackerone.com/reports/730779"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://nodejs.org/en/blog/release/v13.8.0/",
|
||||
"url": "https://nodejs.org/en/blog/release/v13.8.0/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
62
2019/16xxx/CVE-2019-16155.json
Normal file
62
2019/16xxx/CVE-2019-16155.json
Normal file
@ -0,0 +1,62 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-16155",
|
||||
"ASSIGNER": "psirt@fortinet.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Fortinet",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Fortinet FortiClientLinux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "FortiClientLinux 6.2.1 and below"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Escalation of privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://fortiguard.com/psirt/FG-IR-19-238",
|
||||
"url": "https://fortiguard.com/psirt/FG-IR-19-238"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted \"BackupConfig\" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -4,14 +4,58 @@
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-8126",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "support@hackerone.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "n/a",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "EdgeSwitch",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "1.7.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Privilege Escalation (CAPEC-233)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://hackerone.com/reports/197958",
|
||||
"url": "https://hackerone.com/reports/197958"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15)."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user