Merge pull request #200 from CVEProject/master

XFA Rebase
Scott Moore 2019-12-03 09:49:50 -05:00 committed by GitHub
commit c099dd0e4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
824 changed files with 22956 additions and 509 deletions


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1933",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libjifty-dbi-perl",
"version": {
"version_data": [
{
"version_value": "0.77-1"
}
]
}
}
]
},
"vendor_name": "libjifty-dbi-perl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Jifty::DBI before 0.68."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1933",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1933"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-1933",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-1933"
},
{
"refsource": "CONFIRM",
"name": "https://metacpan.org/changes/distribution/Jifty-DBI",
"url": "https://metacpan.org/changes/distribution/Jifty-DBI"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap",
"url": "https://seclists.org/oss-sec/2011/q2/464"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622919",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622919"
},
{
"refsource": "MLIST",
"name": "[jifty-devel] 20110415 Security weaknesses in Jifty::DBI",
"url": "http://lists.jifty.org/pipermail/jifty-devel/2011-April/002426.html"
}
]
}
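Review bot: The new `version_data` entry `"version_value": "0.77-1"` does not agree with the description added in the second hunk, which scopes the flaw to Jifty::DBI "before 0.68". Tooling that matches on `version_value` would flag or clear the wrong releases. If the description is authoritative the entry should read `"version_value": "before 0.68"`; `0.77-1` looks like a distribution package revision rather than an upstream version, which is worth confirming against the Debian tracker reference. The `problemtype` is also left as `UNKNOWN_TYPE` although the description names the class, so `"value": "SQL injection"` would make the record filterable by weakness. The same `UNKNOWN_TYPE` placeholder is kept in the CVE-2011-2523 section, where the description states a backdoor.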


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1934",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "lilo",
"product": {
"product_data": [
{
"product_name": "lilo",
"version": {
"version_data": [
{
"version_value": "23.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "lilo.conf world-readable"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1934",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1934"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-1934",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-1934"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap",
"url": "https://seclists.org/oss-sec/2011/q2/464"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103"
}
]
}


@ -1,8 +1,44 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1939",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zendframework;PHP",
"product": {
"product_data": [
{
"product_name": "zendframework",
"version": {
"version_data": [
{
"version_value": "1.10.x before 1.10.9"
},
{
"version_value": "1.11.x before 1.11.6"
}
]
}
},
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "before 5.3.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +47,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "potential SQL injection vector when using PDO_MySql (ZF2011-02)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "47919",
"url": "http://www.securityfocus.com/bid/47919"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1939",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1939"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-1939",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-1939"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201408-01.xml",
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201408-01.xml"
},
{
"refsource": "CONFIRM",
"name": "https://framework.zend.com/security/advisory/ZF2011-02",
"url": "https://framework.zend.com/security/advisory/ZF2011-02"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.php.net/bug.php?id=47802",
"url": "https://bugs.php.net/bug.php?id=47802"
}
]
}
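Review bot: `"vendor_name": "zendframework;PHP"` packs two vendors into one string, so tooling that keys on `vendor_name` cannot attribute either product below it to its real vendor. `vendor_data` is an array, so this can be split into one entry with `"vendor_name": "zendframework"` and one with `"vendor_name": "PHP"`, each carrying its own `product_data`. The CVE-2011-2480 section does the same thing with `"vendor_name": "FreeBSD, NetBSD"`. The description also reads "in conjunction PDO_MySql", which is missing "with".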


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2177",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenOffice.org",
"product": {
"product_data": [
{
"product_name": "OpenOffice.org",
"version": {
"version_data": [
{
"version_value": "3.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2177",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2177"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2177",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2177"
},
{
"refsource": "MISC",
"name": "https://twitter.com/instasegv/status/75482755194032128",
"url": "https://twitter.com/instasegv/status/75482755194032128"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110602 Re: CVE Request -- OpenOffice.org -- InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009)",
"url": "https://www.openwall.com/lists/oss-security/2011/06/02/4"
}
]
}
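Review bot: The `problemtype` value is the subject line of the oss-security thread ("InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack ...") rather than a weakness class, so the record cannot be grouped with other code-execution issues. The description already states the impact, and `"value": "arbitrary code execution"` would carry it into `problemtype`. The description names no affected component or trigger, which leaves defenders with only the version `3.3` to scope exposure; if the referenced bug identifies one, it belongs in the description.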


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2187",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xscreensaver",
"product": {
"product_data": [
{
"product_name": "xscreensaver",
"version": {
"version_data": [
{
"version_value": "before 5.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "exits when activated (DPMSForceLevel)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2187",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2187"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2187",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2187"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated",
"url": "https://www.openwall.com/lists/oss-security/2011/06/06/17"
},
{
"refsource": "MISC",
"name": "https://www.jwz.org/xscreensaver/changelog.html",
"url": "https://www.jwz.org/xscreensaver/changelog.html"
}
]
}


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2207",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dirmngr",
"product": {
"product_data": [
{
"product_name": "dirmngr",
"version": {
"version_data": [
{
"version_value": "1.1.0"
},
{
"version_value": "fixed in 2.1.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper dealing with blocking system calls, when verifying a certificate"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2207",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2207"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2207",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2207"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110615 Re: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate",
"url": "https://www.openwall.com/lists/oss-security/2011/06/15/6"
}
]
}
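Review bot: `"version_value": "fixed in 2.1.0"` records the fix release as if it were an affected version, and the other entry, `"version_value": "1.1.0"`, is narrower than the description's "dirmngr before 2.1.0". A consumer that treats every `version_data` element as affected would read this list wrongly; a single `"version_value": "before 2.1.0"` would match the description. The CVE-2012-4576 section has a similar artifact, `"version_value": "and 9.1"`, which looks like a sentence split on commas and should be `"9.1"`.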


@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2480",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD, NetBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 8.2"
}
]
}
},
{
"product_name": "NetBSD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +44,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "info disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2480",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2480"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2480",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2480"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110620 Re: CVE request: FreeBSD/NetBSD 802.11 kernel memory disclosure",
"url": "https://www.openwall.com/lists/oss-security/2011/06/20/15"
}
]
}


@ -1,8 +1,34 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2515",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "packagekit",
"product": {
"product_data": [
{
"product_name": "packagekit",
"version": {
"version_data": [
{
"version_value": "0.6.15"
},
{
"version_value": "0.6.17"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +37,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "installs unsigned RPM packages as though they were signed"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2515",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"refsource": "BID",
"name": "48557",
"url": "https://www.securityfocus.com/bid/48557/info"
}
]
}
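Review bot: `version_data` lists both `0.6.15` and `0.6.17`, while the description names only "PackageKit 0.6.17", so the record does not say whether 0.6.15 is affected. Either the description should cover both releases or the `0.6.15` entry should be dropped; the Red Hat bug in the references is the place to check which is right. Because this is a signature-verification bypass, an over- or under-stated range directly affects which hosts get prioritised for patching.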


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2523",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vsftpd",
"product": {
"product_data": [
{
"product_name": "vsftpd",
"version": {
"version_data": [
{
"version_value": "2.3.4 downloaded between 20110630 and 20110703"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2523",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-2523"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2523",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2523"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110711 Re: vsftpd download backdoored",
"url": "https://www.openwall.com/lists/oss-security/2011/07/11/5"
},
{
"refsource": "MISC",
"name": "https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805",
"url": "https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html",
"url": "https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2717",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dhcpv6 project",
"product": {
"product_data": [
{
"product_name": "dhcpv6",
"version": {
"version_data": [
{
"version_value": "through 2011-07-25"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient checking of DHCP options"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2717",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2717"
},
{
"url": "https://access.redhat.com/security/cve/cve-2011-2717",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-2717"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20110726 Re: CVE request - dhcp clients",
"url": "https://www.openwall.com/lists/oss-security/2011/07/26/9"
},
{
"refsource": "MISC",
"name": "https://vigilance.fr/vulnerability/dhcp6c-shell-command-injection-10869",
"url": "https://vigilance.fr/vulnerability/dhcp6c-shell-command-injection-10869"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4310",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The CMS Made Simple Foundation",
"product": {
"product_data": [
{
"product_name": "CMSMS",
"version": {
"version_data": [
{
"version_value": "before 1.9.4.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.cmsmadesimple.org/2011/08/Announcing-CMSMS-1-9-4-3---Security-Release/",
"url": "https://www.cmsmadesimple.org/2011/08/Announcing-CMSMS-1-9-4-3---Security-Release/"
}
]
}
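Review bot: The description says attackers can "corrupt new articles", which is probably meant to be "news articles" since the flaw is in the news module; this should be checked against the vendor announcement in the single reference. `problemtype` is `"Other"` and the description does not say whether authentication is required, so a reader cannot judge exposure from the record alone.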


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2248",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "isc-dhcp",
"version": {
"version_data": [
{
"version_value": "4.3.1-6"
}
]
}
}
]
},
"vendor_name": "isc-dhcp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,88 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PATH set in dhclient"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2248",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2248"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/19",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/19"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/15/1",
"url": "http://www.openwall.com/lists/oss-security/2012/10/15/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/17/13",
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/13"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/17/14",
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/14"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/1",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/15",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/15"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/16",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/16"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/17",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/17"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/18",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/18"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/2",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/3",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/3"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/21/1",
"url": "http://www.openwall.com/lists/oss-security/2012/10/21/1"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4428",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openslp-dfsg",
"product": {
"product_data": [
{
"product_name": "openslp-dfsg",
"version": {
"version_data": [
{
"version_value": "1.2.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "openslp: SLPIntersectStringList()' Function has a DoS vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read in SLPIntersectStringList() can cause DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4428",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-4428"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4428",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4428"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78732",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78732"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/13/27",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/27"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55540",
"url": "http://www.securityfocus.com/bid/55540"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2730-1",
"url": "http://www.ubuntu.com/usn/USN-2730-1"
},
{
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/201707-05",
"url": "https://security.gentoo.org/glsa/201707-05"
}
]
}
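Review bot: The description `openslp: SLPIntersectStringList()' Function has a DoS vulnerability` carries a stray apostrophe after the function name, apparently left over from a quoted bug title, and says less than the `problemtype` (an out-of-bounds read). A description built from what the record already states, such as `"value": "Out-of-bounds read in SLPIntersectStringList() in openslp allows a denial of service."`, would be clearer. Every reference in this section is tagged `MISC`, including the securityfocus.com/bid and Ubuntu USN links, whereas the CVE-2011-1939 section tags its BID link `"refsource": "BID"` with the bare id as `name`; the tagging should be consistent across the commit.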


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4480",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mom",
"version": {
"version_data": [
{
"version_value": "through 2012-10-05"
}
]
}
}
]
},
"vendor_name": "mom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mom creates world-writable pid files in /var/run"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "creates world-writable pid file"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4480",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4480"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4480",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4480"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090188.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090188.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089658.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089658.html"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79190",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79190"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4525",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "piwigo",
"product": {
"product_data": [
{
"product_name": "piwigo",
"version": {
"version_data": [
{
"version_value": "2.4.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "piwigo has XSS in password.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "in password.php"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4525",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-4525"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4525",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4525"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/02/11/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/11/1"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55710",
"url": "http://www.securityfocus.com/bid/55710"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/4",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/4"
}
]
}
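Review bot: `"value": "in password.php"` in `problemtype` is a sentence fragment that names a file but no weakness; the class appears only in the description ("piwigo has XSS in password.php"). `"value": "XSS in password.php"` makes the field usable on its own. The CVE-2012-4526 section repeats the fragment as `in password.php, incomplete fix for CVE-2012-4525`. The description also omits the affected range that `version_data` gives (`2.4.3 and earlier`).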


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4526",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "piwigo",
"product": {
"product_data": [
{
"product_name": "piwigo",
"version": {
"version_data": [
{
"version_value": "2.4.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "in password.php, incomplete fix for CVE-2012-4525"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/11/1",
"url": "http://www.openwall.com/lists/oss-security/2013/02/11/1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4526",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-4526"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4526",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4526"
},
{
"url": "http://www.securityfocus.com/bid/55710",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55710"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/10/18/4",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/4"
}
]
}


@ -1,8 +1,40 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4576",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "7.4"
},
{
"version_value": "8.3"
},
{
"version_value": "9.0"
},
{
"version_value": "and 9.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +43,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FreeBSD: Input Validation Flaw allows local users to gain elevated privileges"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4576",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-4576"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4576",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4576"
},
{
"url": "http://www.securityfocus.com/bid/56654",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/56654"
},
{
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0089.html",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0089.html"
},
{
"refsource": "MISC",
"name": "http://www.securitytracker.com/id?1027809",
"url": "http://www.securitytracker.com/id?1027809"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80321",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80321"
}
]
}
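Review bot: The last `version_data` entry for FreeBSD is `"version_value": "and 9.1"`, which looks like the tail of a comma-separated sentence that was split mechanically; a consumer comparing version strings will never match "and 9.1". It should be `"version_value": "9.1"`. The same artefact appears in the CVE-2015-1855 section as `"and 2.2.x before 2.2.2"`. Because the description here names no component beyond "Input Validation Flaw", the version list is the only machine-usable scoping in this record.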


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5562",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rhn-proxy",
"version": {
"version_data": [
{
"version_value": "through 2012-11-22"
}
]
}
}
]
},
"vendor_name": "rhn-proxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "may transmit credentials over clear-text"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5562",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5562"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5562",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5562"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5562",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5562"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6655",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6655",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6655"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95325",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95325"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/08/16/7",
"url": "http://www.openwall.com/lists/oss-security/2014/08/16/7"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/69245",
"url": "http://www.securityfocus.com/bid/69245"
}
]
}
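Review bot: `product_name`, `version_value` and `vendor_name` are all `"n/a"` in the added `affects` block although the new description names both product and version (AccountService 0.6.37), so tooling that matches records against an asset inventory by vendor or product gets nothing from this entry. Filling the fields from the description, e.g. `"product_name": "AccountService"` and `"version_value": "0.6.37"`, would close that gap. The sections for CVE-2013-2625, CVE-2013-7484, CVE-2014-3875, CVE-2014-9356, CVE-2015-2060 and CVE-2015-3406 have the same mismatch between a specific description and an `"n/a"` `affects` block. The description text itself also needs a wording pass ("exists AccountService", "a local users").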


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2101",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Katello",
"version": {
"version_data": [
{
"version_value": "through 2013-05-16"
}
]
}
}
]
},
"vendor_name": "Katello"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Katello has multiple XSS issues in various entities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple XSS in various entities"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2101",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2101"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2101",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2101"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2103",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenShift cartridge",
"version": {
"version_data": [
{
"version_value": "through 2013-05-17"
}
]
}
}
]
},
"vendor_name": "OpenShift cartridge"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenShift cartridge allows remote URL retrieval"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote URL retrieval"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2103",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2103"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2106",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "webauth",
"product": {
"product_data": [
{
"product_name": "webauth",
"version": {
"version_data": [
{
"version_value": "4.4.1 up to 4.5.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "webauth before 4.6.1 has authentication credential disclosure"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "credential disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2106",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2106"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2106",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2106"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/05/18/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/05/18/6"
}
]
}
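Review bot: The affected range in `version_value` (`"4.4.1 up to 4.5.2"`) and the one in the description (`"webauth before 4.6.1"`) do not agree, and nothing in the record says which is right. Someone running a release between 4.5.2 and 4.6.1 would be told "not affected" by one field and "affected" by the other. One of the two should be corrected against the oss-security reference listed in this record so that both fields state the same boundary.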


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2228",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SaltStack",
"product": {
"product_data": [
{
"product_name": "SaltStack",
"version": {
"version_data": [
{
"version_value": "\u2264 0.15.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SaltStack RSA Key Generation allows remote users to decrypt communications"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "exponent of 1"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2228",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2228"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/07/01/1",
"url": "http://www.openwall.com/lists/oss-security/2013/07/01/1"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60868",
"url": "http://www.securityfocus.com/bid/60868"
},
{
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1028717",
"url": "http://www.securitytracker.com/id/1028717"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85372",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85372"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2625",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2625",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2625"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"
},
{
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58936",
"url": "http://www.securityfocus.com/bid/58936"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4410",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ReviewBoard",
"product": {
"product_data": [
{
"product_name": "ReviewBoard",
"version": {
"version_data": [
{
"version_value": "Fixed in 1.6.19 and 1.7.15"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ReviewBoard: has an access-control problem in REST API"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "access-control problems with REST API"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4410",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4410"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4410",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4410"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4410",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4410"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/63022",
"url": "http://www.securityfocus.com/bid/63022"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88060",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88060"
}
]
}
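Review bot: The `affects` block stores the fixed releases, `"version_value": "Fixed in 1.6.19 and 1.7.15"`, in a field that is meant to list affected versions, so a consumer reading it literally would flag exactly the releases that carry the fix. Presumably the intended ranges are two separate entries along the lines of `"version_value": "before 1.6.19"` and `"version_value": "1.7.x before 1.7.15"`; that should be confirmed against the referenced advisories. The description (`"ReviewBoard: has an access-control problem in REST API"`) gives no version information, so this field is the only place the range is recorded.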


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zabbix before 5.0 represents passwords in the users table with unsalted MD5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.zabbix.com/browse/ZBX-16551",
"refsource": "MISC",
"name": "https://support.zabbix.com/browse/ZBX-16551"
},
{
"url": "https://support.zabbix.com/browse/ZBXNEXT-1898",
"refsource": "MISC",
"name": "https://support.zabbix.com/browse/ZBXNEXT-1898"
}
]
}
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3591",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,81 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GNU",
"product": {
"product_data": [
{
"product_name": "Libgcrypt",
"version": {
"version_data": [
{
"version_value": "before 1.6.3"
}
]
}
},
{
"product_name": "GnuPG",
"version": {
"version_data": [
{
"version_value": "before 1.4.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.cs.tau.ac.il/~tromer/radioexp/",
"url": "http://www.cs.tau.ac.il/~tromer/radioexp/"
},
{
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
},
{
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3184",
"url": "http://www.debian.org/security/2015/dsa-3184"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3185",
"url": "http://www.debian.org/security/2015/dsa-3185"
}
]
}
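Review bot: The two gnupg-announce links are tagged `"refsource": "MISC"` in this record, while the CVE-2015-0837 section of the same commit tags the identical URLs `"refsource": "CONFIRM"`. Triage workflows that use the reference source to tell vendor acknowledgement from third-party reports will treat the two records differently for the same announcement. Using `"refsource": "CONFIRM"` for both gnupg-announce entries here would make them consistent.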


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3875",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2014/Jun/1",
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67783",
"url": "http://www.securityfocus.com/bid/67783"
}
]
}


@ -106,6 +106,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9356",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +11,52 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]",
"url": "http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}
}


@ -96,6 +96,11 @@
"name": "openSUSE-SU-2016:1977",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2010-1] bsdiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00028.html"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0837",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,81 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GNU",
"product": {
"product_data": [
{
"product_name": "Libgcrypt",
"version": {
"version_data": [
{
"version_value": "before 1.6.3"
}
]
}
},
{
"product_name": "GnuPG",
"version": {
"version_data": [
{
"version_value": "before 1.4.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3184",
"url": "http://www.debian.org/security/2015/dsa-3184"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3185",
"url": "http://www.debian.org/security/2015/dsa-3185"
},
{
"refsource": "CONFIRM",
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"
},
{
"refsource": "CONFIRM",
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"
},
{
"refsource": "MISC",
"name": "https://ieeexplore.ieee.org/document/7163050",
"url": "https://ieeexplore.ieee.org/document/7163050"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1855",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,82 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ruby",
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "before 2.0.0 patchlevel 645"
},
{
"version_value": "2.1.x before 2.1.6"
},
{
"version_value": "and 2.2.x before 2.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3247",
"url": "http://www.debian.org/security/2015/dsa-3247"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3245",
"url": "http://www.debian.org/security/2015/dsa-3245"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2015/dsa-3246",
"url": "http://www.debian.org/security/2015/dsa-3246"
},
{
"refsource": "MISC",
"name": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/",
"url": "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/"
},
{
"refsource": "MISC",
"name": "https://puppetlabs.com/security/cve/cve-2015-1855",
"url": "https://puppetlabs.com/security/cve/cve-2015-1855"
},
{
"refsource": "MISC",
"name": "https://bugs.ruby-lang.org/issues/9644",
"url": "https://bugs.ruby-lang.org/issues/9644"
}
]
}
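Review bot: The new description numbers its vectors "(1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters", so the second item is mislabelled and should read `(2) wildcards in IDNA names`. This text is what downstream advisories and scanners copy verbatim, so the numbering is best corrected in the record itself. The four vectors all concern hostname matching in `verify_certificate_identity`, which the generic `"value": "Other"` problem type does not convey; a more specific value such as improper certificate validation would help anyone filtering on that field.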


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2060",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,81 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/18/3",
"url": "http://www.openwall.com/lists/oss-security/2015/02/18/3"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/23/16",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/16"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/23/24",
"url": "http://www.openwall.com/lists/oss-security/2015/02/23/24"
},
{
"refsource": "MISC",
"name": "http://www.cabextract.org.uk/",
"url": "http://www.cabextract.org.uk/"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html"
},
{
"refsource": "MISC",
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:064"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3406",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +11,72 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/07/1",
"url": "http://www.openwall.com/lists/oss-security/2015/04/07/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/04/23/17",
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/17"
},
{
"refsource": "MISC",
"name": "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f",
"url": "https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f"
},
{
"refsource": "MISC",
"name": "https://metacpan.org/changes/distribution/Module-Signature",
"url": "https://metacpan.org/changes/distribution/Module-Signature"
},
{
"refsource": "MISC",
"name": "http://ubuntu.com/usn/usn-2607-1",
"url": "http://ubuntu.com/usn/usn-2607-1"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5155",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2010-3609. Reason: This candidate is a duplicate of CVE-2010-3609. Notes: All CVE users should reference CVE-2010-3609 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "with crafted \"nextoffset\" and \"extid\" values causes DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.example.com",
"url": "http://www.example.com"
}
]
}
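Review bot: The new description marks this id as `** REJECT **` and states that all references and descriptions have been removed, yet the record is set to `"STATE": "PUBLIC"` and gains an `affects` block, a `problemtype` value (`with crafted "nextoffset" and "extid" values causes DoS`) and a placeholder reference to `http://www.example.com`. Anything that keys on `STATE` will treat a duplicate of CVE-2010-3609 as a live entry, and the leftover problem type and dummy URL look like template residue. I would drop the added `affects`, `problemtype` and `references` blocks and make the state agree with the description, `"STATE": "REJECT"`. The record's closing lines are outside this hunk.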


@ -56,6 +56,11 @@
"url": "https://wordpress.org/plugins/events-manager/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/events-manager/#developers"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9761",
"url": "https://wpvulndb.com/vulnerabilities/9761"
}
]
}


@ -56,6 +56,11 @@
"url": "https://wordpress.org/plugins/events-manager/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/events-manager/#developers"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9761",
"url": "https://wpvulndb.com/vulnerabilities/9761"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000110",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1000110",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1000110"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/"
}
]
}
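Review bot: The `affects` block added here is `n/a` throughout (`product_name`, `version_value`, `vendor_name`) although the new description names both the product and the fixed version, Python before 2.7.12. Tooling that matches on the structured fields rather than the free text gets nothing to match on for this record. The same pattern appears in the CVE-2016-9271, CVE-2017-12945, CVE-2017-7399 and CVE-2018-20090 sections of this commit, whose descriptions name Cloudera Manager, Solstice Pod and Cloudera Data Science Workbench versions. For this record I would write `"product_name": "Python"` and `"version_value": "before 2.7.12"`, with the vendor left for the assigner to confirm.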


@ -101,6 +101,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3964",
"url": "https://access.redhat.com/errata/RHSA-2019:3964"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4062",
"url": "https://access.redhat.com/errata/RHSA-2019:4062"
}
]
}


@ -66,6 +66,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1976-1] imapfilter security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00040.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-a6c5d70bde",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBNDFMAIUA6PQMV2P6OKIP7JZQEWX7D2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-90925dd5aa",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQUH2TOCNEST7JB2RJVVJT3RZS5XZCFZ/"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4980",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xguest",
"version": {
"version_data": [
{
"version_value": "through 2016-06-13"
}
]
}
}
]
},
"vendor_name": "xguest"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A password generation weakness exists in xquest through 2016-06-13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure password creation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4980",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4980"
},
{
"url": "https://access.redhat.com/security/cve/cve-2016-4980",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2016-4980"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVW2QJFNZUZYBN4M4YUE7S2NZBWWMGES/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVW2QJFNZUZYBN4M4YUE7S2NZBWWMGES/"
}
]
}
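Review bot: The new description spells the product `xquest`, while `product_name` and `vendor_name` in the same record say `xguest`; this is presumably a typo in the description, and a text search for the package name will miss the entry. Suggested wording: `"value": "A password generation weakness exists in xguest through 2016-06-13."`. The `problemtype` value is free text (`insecure password creation`) where other records in this commit carry a CWE id, which may be worth aligning if the assigner has one. The record's closing lines are outside this hunk.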


@ -116,6 +116,11 @@
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2011-1] xmlrpc-epi security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9271",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_210"
}
]
}


@ -66,6 +66,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1476",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2585",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00071.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2588",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00072.html"
}
]
}


@ -101,6 +101,16 @@
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4058",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4057",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/aress31/cve-2017-12945",
"url": "https://github.com/aress31/cve-2017-12945"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "47722",
"url": "https://www.exploit-db.com/exploits/47722"
},
{
"refsource": "MISC",
"name": "https://documentation.mersive.com/content/pages/release-notes.htm",
"url": "https://documentation.mersive.com/content/pages/release-notes.htm"
}
]
}


@ -61,6 +61,11 @@
"name": "http://openwall.com/lists/oss-security/2017/09/21/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/09/21/2"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191127 [SECURITY] [DLA 2013-1] libvorbis security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html"
}
]
}


@ -81,6 +81,11 @@
"name": "http://www.openwall.com/lists/oss-security/2017/11/30/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/30/3"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
}
]
}


@ -121,6 +121,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3967",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4058",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4057",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7399",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_tvf_34r_1cb"
}
]
}


@ -61,6 +61,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3703",
"url": "https://access.redhat.com/errata/RHSA-2019:3703"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191127 [SECURITY] [DLA 2013-1] libvorbis security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3703",
"url": "https://access.redhat.com/errata/RHSA-2019:3703"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191127 [SECURITY] [DLA 2013-1] libvorbis security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html"
}
]
}


@ -81,6 +81,16 @@
"name": "DSA-4229",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2594",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2598",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
}
]
}


@ -136,6 +136,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -216,6 +216,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -216,6 +216,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -73,6 +73,11 @@
"refsource": "UBUNTU",
"name": "USN-4186-2",
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-cbb732f760",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
}
]
},


@ -76,6 +76,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3419",
"url": "https://access.redhat.com/errata/RHSA-2019:3419"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
}
]
}


@ -201,6 +201,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -191,6 +191,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -196,6 +196,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -181,6 +181,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -61,6 +61,11 @@
"name": "45274",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45274/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html"
}
]
}


@ -76,6 +76,16 @@
"name": "USN-3771-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2594",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2598",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
}
]
}


@ -76,6 +76,16 @@
"name": "USN-3771-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3771-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2594",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2598",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
}
]
}


@ -81,6 +81,16 @@
"name": "GLSA-201811-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2594",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2598",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
}
]
}


@ -151,6 +151,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2473",
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K27673650?utm_source=f5support&utm_medium=RSS"
}
]
}
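Review bot: The added F5 reference keeps the feed-tracking query string `?utm_source=f5support&utm_medium=RSS` in both `name` and `url`. Those parameters are not part of the advisory's address, and they make the same article look like a distinct reference to anything that de-duplicates or allow-lists by URL. I would store it as `"url": "https://support.f5.com/csp/article/K27673650"` with the same value in `name`. The K34425791 references added in two later sections of this commit carry the same suffix.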


@ -71,6 +71,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2053",
"url": "https://access.redhat.com/errata/RHSA-2019:2053"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
}
]
}


@ -211,6 +211,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -211,6 +211,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -211,6 +211,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3892",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4037",
"url": "https://access.redhat.com/errata/RHSA-2019:4037"
}
]
}


@ -76,6 +76,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-6db0d5b9d9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3976",
"url": "https://access.redhat.com/errata/RHSA-2019:3976"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2016-1] ssvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2016-1] ssvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2016-1] ssvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html"
}
]
}


@ -81,6 +81,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2016-1] ssvnc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20090",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#TSB-351"
}
]
}


@ -86,6 +86,11 @@
"refsource": "UBUNTU",
"name": "USN-4118-1",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"refsource": "UBUNTU",
"name": "USN-4211-2",
"url": "https://usn.ubuntu.com/4211-2/"
}
]
}


@ -86,6 +86,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3757",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3758",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4061",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to bypass intended access control because X-Plex-Token is mishandled, and can be retrieved from Tautulli."
"value": "Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c as the affected product and version. Further research indicated that Tautulli is the correct affected product."
}
]
},
@ -61,6 +61,11 @@
"url": "https://www.elladodelmal.com/2018/08/shodan-es-de-cine-hacking-tautulli-un.html",
"refsource": "MISC",
"name": "https://www.elladodelmal.com/2018/08/shodan-es-de-cine-hacking-tautulli-un.html"
},
{
"refsource": "MISC",
"name": "https://forums.plex.tv/t/security-regarding-cve-2018-21031/493286",
"url": "https://forums.plex.tv/t/security-regarding-cve-2018-21031/493286"
}
]
}
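Review bot: The rewritten description moves the affected product from Plex Media Server to Tautulli, but neither hunk of this file touches the `affects` block, which lies outside the visible lines. If that block still names Plex Media Server 1.18.2.2029-36236cc4c, the structured data now contradicts the text, and scanners matching on `product_name` would keep flagging the wrong product. It is worth confirming that `product_name` and `version_value` were updated in the same change. A small wording point in the new text: `Tautulli versions 2.1.38 and below allows` should read `allow`.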


@ -89,6 +89,16 @@
"name": "DSA-4229",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4229"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2594",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:2598",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
}
]
},


@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2014-1] vino security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html"
}
]
}


@ -91,6 +91,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-49f80a78bc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"refsource": "UBUNTU",
"name": "USN-4205-1",
"url": "https://usn.ubuntu.com/4205-1/"
}
]
}


@ -15,15 +15,29 @@
"product": {
"product_data": [
{
"product_name": "FortiClient for Windows, FortiOS, FortiClient for Mac OS",
"product_name": "FortiClient for Windows",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.6 and below"
},
{
"version_value": "FortiClient for Windows 6.0.6 and below"
},
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.7 and below"
}
]
}
},
{
"product_name": "FortiClient for Mac OS",
"version": {
"version_data": [
{
"version_value": "FortiClient for Mac OS 6.2.1 and below"
}
@ -54,16 +68,6 @@
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-18-100",
"url": "https://fortiguard.com/advisory/FG-IR-18-100"
},
{
"refsource": "BUGTRAQ",
"name": "20191125 SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products",
"url": "https://seclists.org/bugtraq/2019/Nov/38"
},
{
"refsource": "FULLDISC",
"name": "20191125 SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products",
"url": "http://seclists.org/fulldisclosure/2019/Nov/22"
}
]
},
@ -71,7 +75,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages."
"value": "Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient) sent and received from Fortiguard severs by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below."
}
]
}
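Review bot: Going by its line counts, the hunk at `-54,16 +68,6` appears to drop the BUGTRAQ and FULLDISC references to the SEC Consult advisory SA-20191125-0, leaving only the FortiGuard advisory link. Those are the independent write-ups of the hardcoded-key issue and nothing visible in the record explains their removal; if this is a side effect of the rebase they should be restored. Separately, the new `version_value` strings repeat the product already given in `product_name` (`"FortiOS 6.0.7 and below"` could be `"6.0.7 and below"`). The description still reads `Fortiguard severs` where `servers` is meant.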


@ -96,6 +96,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3967",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4056",
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
}
]
}


@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS"
}
]
},


@ -53,6 +53,11 @@
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03971en_us"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K34425791?utm_source=f5support&utm_medium=RSS"
}
]
},


@ -83,6 +83,21 @@
"refsource": "MLIST",
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20191129 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler",
"url": "https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20191130 [jira] [Resolved] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler",
"url": "https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20191130 [jira] [Closed] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler",
"url": "https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E"
}
]
},


@ -168,6 +168,16 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1808",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3929",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3931",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
}
]
},


@ -4,15 +4,98 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10195",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "IPA",
"version": {
"version_data": [
{
"version_value": "all IPA 4.6.x versions before 4.6.7"
},
{
"version_value": "all IPA 4.7.x versions before 4.7.4"
},
{
"version_value": "all IPa 4.8.x versions before 4.8.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.freeipa.org/page/Releases/4.7.4",
"refsource": "MISC",
"name": "https://www.freeipa.org/page/Releases/4.7.4"
},
{
"url": "https://www.freeipa.org/page/Releases/4.8.3",
"refsource": "MISC",
"name": "https://www.freeipa.org/page/Releases/4.8.3"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10195",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10195",
"refsource": "CONFIRM"
},
{
"url": "https://www.freeipa.org/page/Releases/4.6.7",
"refsource": "MISC",
"name": "https://www.freeipa.org/page/Releases/4.6.7"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
}
}
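Review bot: The `vectorString` added under `impact` is `5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N`, which puts the base score in front of the vector. A CVSS v3.0 vector string begins with `CVSS:3.0/`, so a strict parser will reject this value or mis-read the first metric. I would write `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"` and, if the score is wanted, carry it separately as `"baseScore": 5.7`. The third `version_value` also reads `all IPa 4.8.x versions before 4.8.3`, where the other two entries spell it `IPA`.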


@ -114,6 +114,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3253",
"url": "https://access.redhat.com/errata/RHSA-2019:3253"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4023",
"url": "https://access.redhat.com/errata/RHSA-2019:4023"
}
]
},


@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "all pdns 4.1.x before pdns 4.1.10"
"version_value": "pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11"
}
]
}
@ -48,6 +48,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10203",
"refsource": "CONFIRM"
},
{
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html",
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html",
"refsource": "CONFIRM"
}
]
},
@ -55,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4.1.10, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
"value": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS."
}
]
},
@ -69,4 +74,4 @@
]
]
}
}
}
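Review bot: The new `version_value` in the first hunk packs two release branches into one free-text string (`pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11`), so tooling that matches installed versions against `version_data` cannot evaluate each branch on its own. One entry per branch, `{"version_value": "4.0.x before 4.0.9"}` and `{"version_value": "4.1.x before 4.1.11"}`, would keep the ranges separately matchable, as the IPA record on this page does. The 4.1.x bound also appears to move from 4.1.10 to 4.1.11 (old and new sides are inferred from print order here), so anyone who treated 4.1.10 as fixed on the basis of the earlier record should re-check. The stray space in `PowerDNS Authoritative daemon ,` in the description hunk is carried over and could be dropped in the same edit.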


@ -4,15 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ghostscript",
"product": {
"product_data": [
{
"product_name": "ghostscript",
"version": {
"version_data": [
{
"version_value": "9.50"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
}
}
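Review bot: The `vectorString` in the new `impact` block carries the base score in front of the vector (`7.3/CVSS:3.0/AV:N/...`), so it is not a well-formed CVSS v3.0 vector, which has to begin with `CVSS:3.0/`; consumers that parse or validate the vector will reject the record or fail to score it. Keep the vector clean and carry the score in its own field: `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"` with `"baseScore": 7.3`. The same pattern appears in the CVE-2019-10220 record (`8/CVSS:3.0/...`) and in the CVE-2019-10195 record earlier on this page (`5.7/CVSS:3.0/...`). Separately, `"version_value": "9.50"` has no range qualifier and the description does not say whether 9.50 is an affected release or the fixed one; the record should state which.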


@ -48,6 +48,16 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217",
"refsource": "CONFIRM"
},
{
"url": "https://github.com/ansible/ansible/issues/56269",
"name": "https://github.com/ansible/ansible/issues/56269",
"refsource": "CONFIRM"
},
{
"url": "https://github.com/ansible/ansible/pull/59427",
"name": "https://github.com/ansible/ansible/pull/59427",
"refsource": "CONFIRM"
}
]
},


@ -4,15 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value": "kernel version 4.9.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
}
}
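Review bot: `"product_name": "kernel:"` has a trailing colon and `"version_value": "kernel version 4.9.0"` repeats the product name as free text, both of which defeat exact-match lookups against this record; `"product_name": "kernel"` and `"version_value": "4.9.0"` would be matchable. The vendor is given as `SUSE` while the description speaks of the Linux kernel CIFS implementation in general, so the vendor attribution looks too narrow and should be confirmed. The description names a single version, 4.9.0, without saying whether other versions are affected or which release carries the fix, so exposure cannot be scoped from this record alone.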


@ -45,14 +45,24 @@
"references": {
"reference_data": [
{
"url": "https://www.openwall.com/lists/oss-security/2019/08/09/1",
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2019/08/09/1"
"refsource": "MLIST",
"name": "[oss-security] 20190815 Re: [ANNOUNCE] Security release of kube-state-metrics v1.7.2",
"url": "http://www.openwall.com/lists/oss-security/2019/08/15/8"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223",
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2",
"url": "https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190809 [ANNOUNCE] Security release of kube-state-metrics v1.7.2",
"url": "https://www.openwall.com/lists/oss-security/2019/08/09/1"
}
]
},
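Review bot: The MLIST reference for the 20190815 oss-security message uses a plain `http://www.openwall.com/...` URL, while the other openwall reference in the same list uses `https://`. Use `"url": "https://www.openwall.com/lists/oss-security/2019/08/15/8"` so the advisory link is not fetched over an unauthenticated channel. The hunk shows only part of the `reference_data` array, so entries outside it are not covered by this note.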


@ -93,6 +93,11 @@
"refsource": "UBUNTU",
"name": "USN-4186-2",
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-cbb732f760",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
}
]
},


@ -79,6 +79,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4202-1",
"url": "https://usn.ubuntu.com/4202-1/"
}
]
},


@ -106,6 +106,16 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1971",
"url": "https://access.redhat.com/errata/RHSA-2019:1971"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4058",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4057",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
}
]
}
