admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'CVEProject:master' into master

Browse Source
This commit is contained in:
liav gutman 2023-01-02 15:41:05 +02:00 committed by GitHub
commit a24152504f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19759 changed files with 921005 additions and 30505 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
2002/20xxx/CVE-2002-20001.json
View File

@ -71,6 +71,36 @@
"refsource": "MISC",
"name": "https://github.com/mozilla/ssl-config-generator/issues/162",
"url": "https://github.com/mozilla/ssl-config-generator/issues/162"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
},
{
"refsource": "MISC",
"name": "https://www.suse.com/support/kb/doc/?id=000020510",
"url": "https://www.suse.com/support/kb/doc/?id=000020510"
},
{
"refsource": "MISC",
"name": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/",
"url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/"
},
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt"
},
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K83120834",
"url": "https://support.f5.com/csp/article/K83120834"
},
{
"refsource": "MISC",
"name": "https://dheatattack.com",
"url": "https://dheatattack.com"
}
]
}

5
2003/0xxx/CVE-2003-0190.json
View File

@ -96,6 +96,11 @@
"name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2003/1xxx/CVE-2003-1562.json
View File

@ -76,6 +76,11 @@
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

18
2006/20xxx/CVE-2006-20001.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-20001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2007/20xxx/CVE-2007-20001.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion."
"value": "A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20."
}
]
},

5
2009/0xxx/CVE-2009-0855.json
View File

@ -96,6 +96,11 @@
"name": "PK82988",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK82988"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170073/IBM-Websphere-Application-Server-7.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/170073/IBM-Websphere-Application-Server-7.0-Cross-Site-Scripting.html"
}
]
}

53
2009/1xxx/CVE-2009-1142.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1142",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/264577",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/264577"
},
{
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848",
"refsource": "MISC",
"name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
]
}

53
2009/1xxx/CVE-2009-1143.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1143",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.gentoo.org/264577",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/264577"
},
{
"url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848",
"refsource": "MISC",
"name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848"
}
]
}

68
2009/5xxx/CVE-2009-5047.json
View File

@ -1,71 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-5047",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a consonant string (string including only letters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt",
"url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2009-5047",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2009-5047"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110114 Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
"url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

111
2010/10xxx/CVE-2010-10002.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2010-10002",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine problematische Schwachstelle in SimpleSAMLphp simplesamlphp-module-openid entdeckt. Es betrifft eine unbekannte Funktion der Datei templates/consumer.php der Komponente OpenID Handler. Durch Manipulieren des Arguments AuthState mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d652d41ccaf8c45d5707e741c0c5d82a2365a9a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SimpleSAMLphp",
"product": {
"product_data": [
{
"product_name": "simplesamlphp-module-openid",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217170",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217170"
},
{
"url": "https://vuldb.com/?ctiid.217170",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217170"
},
{
"url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3",
"refsource": "MISC",
"name": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3"
},
{
"url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0",
"refsource": "MISC",
"name": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.1,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"baseSeverity": "LOW"
}
]
}
}

167
2010/5xxx/CVE-2010-5312.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5312",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,92 +27,126 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "?"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0442",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
},
{
"name": "DSA-3249",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3249"
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
},
{
"name": "[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/616"
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"name": "71106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71106"
"url": "https://www.drupal.org/sa-core-2022-002",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2022-002"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2015:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "http://bugs.jqueryui.com/ticket/6016",
"refsource": "CONFIRM",
"url": "http://bugs.jqueryui.com/ticket/6016"
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "jqueryui-cve20105312-xss(98696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98696"
"url": "https://security.netapp.com/advisory/ntap-20190416-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20190416-0007/"
},
{
"name": "[oss-security] 20141114 old CVE assignments for JQuery 1.10.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/613"
"url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"
},
{
"name": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3"
"url": "http://www.debian.org/security/2015/dsa-3249",
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3249"
},
{
"name": "1037035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037035"
"url": "http://seclists.org/oss-sec/2014/q4/616",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q4/616"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190416-0007/",
"url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
"url": "http://www.securityfocus.com/bid/71106",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/71106"
},
{
"refsource": "MLIST",
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"refsource": "MLIST",
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
"url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html",
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"
},
{
"refsource": "MLIST",
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
"url": "http://bugs.jqueryui.com/ticket/6016",
"refsource": "MISC",
"name": "http://bugs.jqueryui.com/ticket/6016"
},
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2022-002",
"url": "https://www.drupal.org/sa-core-2022-002"
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98696",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98696"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
"url": "http://seclists.org/oss-sec/2014/q4/613",
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2014/q4/613"
},
{
"url": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3",
"refsource": "MISC",
"name": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3"
},
{
"url": "http://www.securitytracker.com/id/1037035",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037035"
}
]
}

50
2011/4xxx/CVE-2011-4820.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2011-4820",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "XF",
"name": "IBM X-Force ID 71161",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71161"
}
]
}

55
2012/2xxx/CVE-2012-2160.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2160",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "XF",
"name": "IBM X-Force ID: 74753",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74753"
},
{
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/589933",
"url": "https://www.ibm.com/support/pages/node/589933"
}
]
}

50
2012/2xxx/CVE-2012-2201.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2201",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "XF",
"name": "IBM X-Force ID: 76799",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76799"
}
]
}

5
2012/4xxx/CVE-2012-4244.json
View File

@ -181,6 +181,11 @@
"name": "50673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50673"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221209-0008/",
"url": "https://security.netapp.com/advisory/ntap-20221209-0008/"
}
]
}

55
2012/4xxx/CVE-2012-4818.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4818",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "XF",
"name": "IBM X-Force ID: 78651",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78651"
},
{
"refsource": "MISC",
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-lack-of-path-restriction-may-allow-access-to-sensitive-data-stored-on-ibm-infosphere-information-server-cve-2012-4818/?lnk=hm"
}
]
}

76
2013/10xxx/CVE-2013-10005.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-10005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 400: Uncontrolled Resource Consumption"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/btcsuite/go-socks",
"product": {
"product_data": [
{
"product_name": "github.com/btcsuite/go-socks/socks",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
},
{
"vendor_name": "github.com/btcsuitereleases/go-socks",
"product": {
"product_data": [
{
"product_name": "github.com/btcsuitereleases/go-socks/socks",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc",
"refsource": "MISC",
"name": "https://github.com/btcsuite/go-socks/commit/233bccbb1abe02f05750f7ace66f5bffdb13defc"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0024",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2020-0024"
}
]
}

111
2013/10xxx/CVE-2013-10006.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2013-10006",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. Upgrading to version 0.8.4rc2 is able to address this issue. The name of the patch is cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171."
},
{
"lang": "deu",
"value": "In Ziftr primecoin bis 0.8.4rc1 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion HTTPAuthorized der Datei src/bitcoinrpc.cpp. Durch das Beeinflussen des Arguments strUserPass/strRPCUserColonPass mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.8.4rc2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cdb3441b5cd2c1bae49fae671dc4a496f7c96322 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208 Observable Timing Discrepancy",
"cweId": "CWE-208"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ziftr",
"product": {
"product_data": [
{
"product_name": "primecoin",
"version": {
"version_data": [
{
"version_value": "0.8.4rc1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217171",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217171"
},
{
"url": "https://vuldb.com/?ctiid.217171",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217171"
},
{
"url": "https://github.com/Ziftr/primecoin/commit/cdb3441b5cd2c1bae49fae671dc4a496f7c96322",
"refsource": "MISC",
"name": "https://github.com/Ziftr/primecoin/commit/cdb3441b5cd2c1bae49fae671dc4a496f7c96322"
},
{
"url": "https://github.com/Ziftr/primecoin/releases/tag/v0.8.4rc2",
"refsource": "MISC",
"name": "https://github.com/Ziftr/primecoin/releases/tag/v0.8.4rc2"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.6,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.6,
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.4,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
}
]
}
}

2
2013/20xxx/CVE-2013-20004.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak."
"value": "A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16."
}
]
},

5
2013/4xxx/CVE-2013-4235.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-26",
"url": "https://security.gentoo.org/glsa/202210-26"
}
]
}

63
2013/4xxx/CVE-2013-4253.json
View File

@ -1,17 +1,66 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4253",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-4253",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Openshift",
"version": {
"version_data": [
{
"version_value": "Red Hat Openshift 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2014/06/05/19",
"url": "https://www.openwall.com/lists/oss-security/2014/06/05/19"
},
{
"refsource": "MISC",
"name": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
"url": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file."
}
]
}

63
2013/4xxx/CVE-2013-4281.json
View File

@ -1,17 +1,66 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4281",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-4281",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat Openshift",
"version": {
"version_data": [
{
"version_value": "Red Hat Openshift 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2014/06/05/19",
"url": "https://www.openwall.com/lists/oss-security/2014/06/05/19"
},
{
"refsource": "MISC",
"name": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
"url": "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file."
}
]
}

120
2014/0xxx/CVE-2014-0144.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0144",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,121 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=24342f2cae47d03911e346fe1e520b00dc2818e0"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=6d4b9e55fc625514a38d27cff4b9933f617fa7dc"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7b103b36d6ef3b11827c203d3a793bf7da50ecd6"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=97f1c45c6f456572e5b504b8614e4a69e23b8e3a"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=a1b3955c9415b1e767c130a2f59fee6aa28e575b"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ce48f2f441ca98885267af6fd636a7cb804ee646"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=d65f97a82c4ed48374a764c769d4ba1ea9724e97"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=f56b9bc3ae20fc93815b34aa022be919941406ce"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0420.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0421.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"refsource": "MISC",
"name": "https://www.vulnerabilitycenter.com/#!vul=44767",
"url": "https://www.vulnerabilitycenter.com/#!vul=44767"
}
]
}

75
2014/0xxx/CVE-2014-0147.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0147",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "before 1.6.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=246f65838d19db6db55bfb41117c35645a2c4789",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=246f65838d19db6db55bfb41117c35645a2c4789"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1078848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078848"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1086717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086717"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0420.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0421.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/03/26/8",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
]
}

75
2014/0xxx/CVE-2014-0148.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0148",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,76 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS."
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "before 2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0420.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2014-0421.html",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/03/26/8",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
},
{
"refsource": "MISC",
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=1d7678dec4761acdc43439da6ceda41a703ba1a6"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212"
},
{
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
}
]
}

5
2014/0xxx/CVE-2014-0160.json
View File

@ -691,6 +691,11 @@
"refsource": "MLIST",
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd",
"url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
}
]
}

71
2014/125xxx/CVE-2014-125026.json
View File

@ -1,18 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 94: Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/cloudflare/golz4",
"product": {
"product_data": [
{
"product_name": "github.com/cloudflare/golz4",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898",
"refsource": "MISC",
"name": "https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898"
},
{
"url": "https://github.com/cloudflare/golz4/issues/5",
"refsource": "MISC",
"name": "https://github.com/cloudflare/golz4/issues/5"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0022",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2020-0022"
}
]
},
"credits": [
{
"lang": "en",
"value": "Yann Collet"
}
]
}

179
2014/125xxx/CVE-2014-125027.json Normal file
View File

@ -0,0 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125027",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The name of the patch is 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147."
},
{
"lang": "deu",
"value": "In Yuna Scatari TBDev bis 2.1.17 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion get_user_icons der Datei usersearch.php. Durch das Manipulieren des Arguments n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.1.18 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yuna Scatari",
"product": {
"product_data": [
{
"product_name": "TBDev",
"version": {
"version_data": [
{
"version_value": "2.1.0",
"version_affected": "="
},
{
"version_value": "2.1.1",
"version_affected": "="
},
{
"version_value": "2.1.2",
"version_affected": "="
},
{
"version_value": "2.1.3",
"version_affected": "="
},
{
"version_value": "2.1.4",
"version_affected": "="
},
{
"version_value": "2.1.5",
"version_affected": "="
},
{
"version_value": "2.1.6",
"version_affected": "="
},
{
"version_value": "2.1.7",
"version_affected": "="
},
{
"version_value": "2.1.8",
"version_affected": "="
},
{
"version_value": "2.1.9",
"version_affected": "="
},
{
"version_value": "2.1.10",
"version_affected": "="
},
{
"version_value": "2.1.11",
"version_affected": "="
},
{
"version_value": "2.1.12",
"version_affected": "="
},
{
"version_value": "2.1.13",
"version_affected": "="
},
{
"version_value": "2.1.14",
"version_affected": "="
},
{
"version_value": "2.1.15",
"version_affected": "="
},
{
"version_value": "2.1.16",
"version_affected": "="
},
{
"version_value": "2.1.17",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217147",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217147"
},
{
"url": "https://vuldb.com/?ctiid.217147",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217147"
},
{
"url": "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4",
"refsource": "MISC",
"name": "https://github.com/yunasc/tbdev/commit/0ba3fd4be29dd48fa4455c236a9403b3149a4fd4"
},
{
"url": "https://github.com/yunasc/tbdev/releases/tag/v2.1.18",
"refsource": "MISC",
"name": "https://github.com/yunasc/tbdev/releases/tag/v2.1.18"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2014/125xxx/CVE-2014-125028.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125028",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in valtech IDP Test Client gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei python-flask/main.py. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als f1e7b3d431c8681ec46445557125890c14fa295f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "valtech",
"product": {
"product_data": [
{
"product_name": "IDP Test Client",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217148",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217148"
},
{
"url": "https://vuldb.com/?ctiid.217148",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217148"
},
{
"url": "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f",
"refsource": "MISC",
"name": "https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

18
2014/125xxx/CVE-2014-125029.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-125029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

111
2014/125xxx/CVE-2014-125030.json Normal file
View File

@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125030",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The name of the patch is 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in taoeffect Empress entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Durch die Manipulation mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Der Patch wird als 557e177d8a309d6f0f26de46efb38d43e000852d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hard-coded Password",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "taoeffect",
"product": {
"product_data": [
{
"product_name": "Empress",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217154",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217154"
},
{
"url": "https://vuldb.com/?ctiid.217154",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217154"
},
{
"url": "https://github.com/taoeffect/empress/pull/61",
"refsource": "MISC",
"name": "https://github.com/taoeffect/empress/pull/61"
},
{
"url": "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d",
"refsource": "MISC",
"name": "https://github.com/taoeffect/empress/commit/557e177d8a309d6f0f26de46efb38d43e000852d"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2014/125xxx/CVE-2014-125031.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125031",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is an unknown function of the file pages/loggedin.php. The manipulation of the argument statusentery leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 1c575340539f983333aa43fc58ecd76eb53e1816. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217176."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in kirill2485 TekNet ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei pages/loggedin.php. Durch die Manipulation des Arguments statusentery mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als 1c575340539f983333aa43fc58ecd76eb53e1816 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kirill2485",
"product": {
"product_data": [
{
"product_name": "TekNet",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217176",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217176"
},
{
"url": "https://vuldb.com/?ctiid.217176",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217176"
},
{
"url": "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816",
"refsource": "MISC",
"name": "https://github.com/kirill2485/TekNet/commit/1c575340539f983333aa43fc58ecd76eb53e1816"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2014/125xxx/CVE-2014-125032.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125032",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The name of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In porpeeranut go-with-me wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei module/frontend/add.php. Durch Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b92451e4f9e85e26cf493c95ea0a69e354c35df9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "porpeeranut",
"product": {
"product_data": [
{
"product_name": "go-with-me",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217177",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217177"
},
{
"url": "https://vuldb.com/?ctiid.217177",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217177"
},
{
"url": "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9",
"refsource": "MISC",
"name": "https://github.com/porpeeranut/go-with-me/commit/b92451e4f9e85e26cf493c95ea0a69e354c35df9"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2014/125xxx/CVE-2014-125033.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125033",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in rails-cv-app ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei app/controllers/uploaded_files_controller.rb. Mittels dem Manipulieren mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0d20362af0a5f8a126f67c77833868908484a863 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: '../filedir'",
"cweId": "CWE-24"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "rails-cv-app",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217178",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217178"
},
{
"url": "https://vuldb.com/?ctiid.217178",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217178"
},
{
"url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863",
"refsource": "MISC",
"name": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"baseSeverity": "LOW"
}
]
}
}

106
2014/125xxx/CVE-2014-125034.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2014-125034",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The name of the patch is 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183."
},
{
"lang": "deu",
"value": "In stiiv contact_app wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion render der Datei libs/View.php. Durch Beeinflussen des Arguments var mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 67bec33f559da9d41a1b45eb9e992bd8683a7f8c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "stiiv",
"product": {
"product_data": [
{
"product_name": "contact_app",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217183",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217183"
},
{
"url": "https://vuldb.com/?ctiid.217183",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217183"
},
{
"url": "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c",
"refsource": "MISC",
"name": "https://github.com/stiiv/contact_app/commit/67bec33f559da9d41a1b45eb9e992bd8683a7f8c"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

20
2014/2xxx/CVE-2014-2265.json
View File

@ -57,15 +57,25 @@
"refsource": "CONFIRM",
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"name": "http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/",
"refsource": "MISC",
"url": "http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"name": "http://wordpress.org/plugins/contact-form-7/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"refsource": "MISC",
"name": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/",
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"refsource": "MISC",
"name": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"refsource": "MISC",
"name": "https://www.cvedetails.com/cve/CVE-2014-2265/",
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
}
]
}

2
2014/6xxx/CVE-2014-6033.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

5
2014/8xxx/CVE-2014-8176.json
View File

@ -151,6 +151,11 @@
"name": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0207.json
View File

@ -131,6 +131,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0208.json
View File

@ -131,6 +131,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0209.json
View File

@ -276,6 +276,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0285.json
View File

@ -136,6 +136,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0286.json
View File

@ -311,6 +311,11 @@
"name": "73225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73225"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0287.json
View File

@ -296,6 +296,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0288.json
View File

@ -281,6 +281,11 @@
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0289.json
View File

@ -271,6 +271,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0290.json
View File

@ -131,6 +131,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0291.json
View File

@ -136,6 +136,11 @@
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202338"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0292.json
View File

@ -221,6 +221,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/0xxx/CVE-2015-0293.json
View File

@ -321,6 +321,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

63
2015/10xxx/CVE-2015-10004.json
View File

@ -1,17 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-10004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 208: Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/robbert229/jwt",
"product": {
"product_data": [
{
"product_name": "github.com/robbert229/jwt",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654",
"refsource": "MISC",
"name": "https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654"
},
{
"url": "https://github.com/robbert229/jwt/issues/12",
"refsource": "MISC",
"name": "https://github.com/robbert229/jwt/issues/12"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0023",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2020-0023"
}
]
}

99
2015/10xxx/CVE-2015-10005.json Normal file
View File

@ -0,0 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10005",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in markdown-it bis 2.x ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei lib/common/html_re.js. Durch das Beeinflussen mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 3.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 89c8620157d6e38f9872811620d25138fc9d1b0d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "markdown-it",
"version": {
"version_data": [
{
"version_value": "2.x",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216852",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216852"
},
{
"url": "https://vuldb.com/?ctiid.216852",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216852"
},
{
"url": "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d",
"refsource": "MISC",
"name": "https://github.com/markdown-it/markdown-it/commit/89c8620157d6e38f9872811620d25138fc9d1b0d"
},
{
"url": "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0",
"refsource": "MISC",
"name": "https://github.com/markdown-it/markdown-it/releases/tag/3.0.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
}
]
}
}

106
2015/10xxx/CVE-2015-10006.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10006",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in admont28 Ingnovarq entdeckt. Dies betrifft einen unbekannten Teil der Datei app/controller/insertarSliderAjax.php. Durch Beeinflussen des Arguments imagetitle mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 9d18a39944d79dfedacd754a742df38f99d3c0e2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "admont28",
"product": {
"product_data": [
{
"product_name": "Ingnovarq",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217172",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217172"
},
{
"url": "https://vuldb.com/?ctiid.217172",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217172"
},
{
"url": "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2",
"refsource": "MISC",
"name": "https://github.com/admont28/ingnovarq/commit/9d18a39944d79dfedacd754a742df38f99d3c0e2"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2015/10xxx/CVE-2015-10007.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10007",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **Eine Schwachstelle wurde in 82Flex WEIPDCRM gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 43bad79392332fa39e31b95268e76fbda9fec3a4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "82Flex",
"product": {
"product_data": [
{
"product_name": "WEIPDCRM",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217184",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217184"
},
{
"url": "https://vuldb.com/?ctiid.217184",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217184"
},
{
"url": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4",
"refsource": "MISC",
"name": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

106
2015/10xxx/CVE-2015-10008.json Normal file
View File

@ -0,0 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2015-10008",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED **Es wurde eine Schwachstelle in 82Flex WEIPDCRM ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion. Dank Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als 43bad79392332fa39e31b95268e76fbda9fec3a4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "82Flex",
"product": {
"product_data": [
{
"product_name": "WEIPDCRM",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4",
"refsource": "MISC",
"name": "https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4"
},
{
"url": "https://vuldb.com/?id.217185",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217185"
},
{
"url": "https://vuldb.com/?ctiid.217185",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217185"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
}

5
2015/1xxx/CVE-2015-1197.json
View File

@ -91,6 +91,11 @@
"name": "[Bug-cpio] 20150108 cpio: directory traversal vulnerability via symlinks",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/169458/Zimbra-Collaboration-Suite-TAR-Path-Traversal.html"
}
]
}

5
2015/1xxx/CVE-2015-1787.json
View File

@ -131,6 +131,11 @@
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/1xxx/CVE-2015-1788.json
View File

@ -281,6 +281,11 @@
"name": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/1xxx/CVE-2015-1789.json
View File

@ -326,6 +326,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/1xxx/CVE-2015-1790.json
View File

@ -316,6 +316,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/1xxx/CVE-2015-1791.json
View File

@ -301,6 +301,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/1xxx/CVE-2015-1792.json
View File

@ -291,6 +291,11 @@
"name": "HPSBGN03371",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143654156615516&w=2"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/1xxx/CVE-2015-1794.json
View File

@ -111,6 +111,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

95
2015/1xxx/CVE-2015-1931.json
View File

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,96 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html"
},
{
"refsource": "MISC",
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21962302",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962302"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1485.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1486.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1488.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"refsource": "MISC",
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1544.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2015-1604.html",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/75985",
"url": "http://www.securityfocus.com/bid/75985"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html"
}
]
}

17
2015/20xxx/CVE-2015-20107.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments)."
"value": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9"
}
]
},
@ -166,6 +166,21 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-b499f2a9c6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d1682fef04",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-79843dfb3c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
},
{
"refsource": "CONFIRM",
"name": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html",
"url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"
}
]
}

5
2015/3xxx/CVE-2015-3193.json
View File

@ -156,6 +156,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/3xxx/CVE-2015-3194.json
View File

@ -236,6 +236,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/3xxx/CVE-2015-3195.json
View File

@ -281,6 +281,11 @@
"name": "openSUSE-SU-2015:2349",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/3xxx/CVE-2015-3196.json
View File

@ -176,6 +176,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/3xxx/CVE-2015-3197.json
View File

@ -226,6 +226,11 @@
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/3xxx/CVE-2015-3884.json
View File

@ -61,6 +61,11 @@
"name": "http://rossmarks.uk/portfolio.php",
"refsource": "MISC",
"url": "http://rossmarks.uk/portfolio.php"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.html"
}
]
}

5
2015/4xxx/CVE-2015-4000.json
View File

@ -1141,6 +1141,11 @@
"name": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/5xxx/CVE-2015-5352.json
View File

@ -121,6 +121,11 @@
"name": "USN-2710-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2710-1"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/5xxx/CVE-2015-5600.json
View File

@ -211,6 +211,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/6xxx/CVE-2015-6563.json
View File

@ -136,6 +136,11 @@
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/6xxx/CVE-2015-6564.json
View File

@ -126,6 +126,11 @@
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/6xxx/CVE-2015-6565.json
View File

@ -101,6 +101,11 @@
"name": "76497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76497"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2015/6xxx/CVE-2015-6574.json
View File

@ -66,6 +66,11 @@
"name": "https://www.sisconet.com/wp-content/uploads/2016/04/SecNote_CVE-2015-6574-Portcullis-20160426.pdf",
"refsource": "CONFIRM",
"url": "https://www.sisconet.com/wp-content/uploads/2016/04/SecNote_CVE-2015-6574-Portcullis-20160426.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-223771.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223771.pdf"
}
]
}

5
2015/8xxx/CVE-2015-8325.json
View File

@ -106,6 +106,11 @@
"name": "https://security.netapp.com/advisory/ntap-20180628-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180628-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0701.json
View File

@ -166,6 +166,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0702.json
View File

@ -266,6 +266,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0703.json
View File

@ -201,6 +201,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0704.json
View File

@ -191,6 +191,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0705.json
View File

@ -331,6 +331,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0777.json
View File

@ -216,6 +216,11 @@
"name": "DSA-3446",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0778.json
View File

@ -201,6 +201,11 @@
"name": "DSA-3446",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0797.json
View File

@ -266,6 +266,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0798.json
View File

@ -171,6 +171,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0799.json
View File

@ -341,6 +341,11 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/0xxx/CVE-2016-0800.json
View File

@ -361,6 +361,11 @@
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1260-security-advisory-18"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/10xxx/CVE-2016-10009.json
View File

@ -126,6 +126,11 @@
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1009"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/10xxx/CVE-2016-10010.json
View File

@ -111,6 +111,11 @@
"name": "https://www.openssh.com/txt/release-7.4",
"refsource": "CONFIRM",
"url": "https://www.openssh.com/txt/release-7.4"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/10xxx/CVE-2016-10011.json
View File

@ -106,6 +106,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/10xxx/CVE-2016-10012.json
View File

@ -106,6 +106,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K62201745?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K62201745?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/10xxx/CVE-2016-10228.json
View File

@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
}
]
}

5
2016/10xxx/CVE-2016-10541.json
View File

@ -57,6 +57,11 @@
"name": "https://nodesecurity.io/advisories/117",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/117"
},
{
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-qg8p-v9q4-gh34",
"url": "https://github.com/advisories/GHSA-qg8p-v9q4-gh34"
}
]
}

76
2016/15xxx/CVE-2016-15005.json
View File

@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-15005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/dinever/golf",
"product": {
"product_data": [
{
"product_name": "github.com/dinever/golf",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dinever/golf/pull/24",
"refsource": "MISC",
"name": "https://github.com/dinever/golf/pull/24"
},
{
"url": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe",
"refsource": "MISC",
"name": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe"
},
{
"url": "https://github.com/dinever/golf/issues/20",
"refsource": "MISC",
"name": "https://github.com/dinever/golf/issues/20"
},
{
"url": "https://pkg.go.dev/vuln/GO-2020-0045",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2020-0045"
}
]
},
"credits": [
{
"lang": "en",
"value": "@elithrar"
}
]
}

119
2016/15xxx/CVE-2016-15006.json Normal file
View File

@ -0,0 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2016-15006",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in enigmaX bis 2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion getSeed der Datei main.c der Komponente Scrambling Table Handler. Durch Manipulieren mit unbekannten Daten kann eine predictable seed in pseudo-random number generator (prng)-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 922bf90ca14a681629ba0b807a997a81d70225b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"cweId": "CWE-337"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "enigmaX",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
},
{
"version_value": "2.1",
"version_affected": "="
},
{
"version_value": "2.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.217181",
"refsource": "MISC",
"name": "https://vuldb.com/?id.217181"
},
{
"url": "https://vuldb.com/?ctiid.217181",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.217181"
},
{
"url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5",
"refsource": "MISC",
"name": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5"
},
{
"url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3",
"refsource": "MISC",
"name": "https://github.com/pfmonville/enigmaX/releases/tag/2.3"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"baseSeverity": "LOW"
}
]
}
}

5
2016/1xxx/CVE-2016-1907.json
View File

@ -101,6 +101,11 @@
"name": "https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0",
"refsource": "CONFIRM",
"url": "https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

5
2016/1xxx/CVE-2016-1908.json
View File

@ -106,6 +106,11 @@
"name": "RHSA-2016:0465",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0465.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}

Some files were not shown because too many files have changed in this diff Show More